SQL Injection Vulnerability in JEEWMS Export Function
CVE-2025-60269

9.4CRITICAL

Key Information:

Vendor: JEEWMS
Status: JEEWMS
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-60269?

The JEEWMS product version 20250820 presents a vulnerability in the exportXls function found in the CgExportExcelController.java file. This SQL Injection flaw allows attackers to manipulate SQL queries, potentially compromising the confidentiality and integrity of sensitive data. Immediate remediation is advised to safeguard user information and maintain system integrity.

References

https://gitee.com/erzhongxmu/JEEWMS

https://github.com/int-ux/report/issues/5

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Sep 26, 2025

JSON