Improper Access Control in JeeWMS File Handler
CVE-2025-5389

5.3MEDIUM

Key Information:

Vendor

JeeWMS

Status
Jeewms
Vendor
CVE Published:
31 May 2025

What is CVE-2025-5389?

A vulnerability has been discovered in the File Handler component of JeeWMS, which affects versions up to 20250504. This issue is associated with the function dogenerateOne2Many located at /generateController.do?dogenerateOne2Many. The flaw enables attackers to manipulate access controls improperly, potentially allowing unauthorized remote access. Given JeeWMS's continuous delivery model with rolling releases, there are no specific version details about affected or updated releases available.

Affected Version(s)

JeeWMS 20250504

References

https://vuldb.com/?id.310682
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310682
signaturepermissions-required
https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV
issue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer
JSON
.