Improper Access Controls in JeeWMS File Handler by JeeWMS
CVE-2025-5387

5.3MEDIUM

Key Information:

Vendor

JeeWMS

Status
Jeewms
Vendor
CVE Published:
31 May 2025

What is CVE-2025-5387?

A significant vulnerability has been discovered in JeeWMS, specifically in the File Handler component. This flaw is located in the 'dogenerate' function of the '/generateController.do?dogenerate' endpoint. It allows unauthorized access due to inadequate access controls, potentially enabling remote attackers to exploit the system without needing physical access. This vulnerability affects all versions of JeeWMS up to 20250504, highlighting a critical need for immediate action to secure the affected systems.

Affected Version(s)

JeeWMS 20250504

References

https://vuldb.com/?id.310680
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310680
signaturepermissions-required
https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV
issue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer
.
CVE-2025-5387 : Improper Access Controls in JeeWMS File Handler by JeeWMS