CVE-2024-57761

8.1 HIGH

📋 TL;DR

An arbitrary file upload vulnerability in JeeWMS allows attackers to upload malicious files that can lead to remote code execution. This affects all JeeWMS installations before version 2025.01.01. Attackers can compromise the entire system if they can access the vulnerable endpoint.

💻 Affected Systems

Products:
  • JeeWMS
Versions: All versions before v2025.01.01
Operating Systems: Any OS running JeeWMS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the parserXML() method, which handles file uploads. Any installation with this functionality enabled is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the server, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Webshell deployment leading to persistent backdoor access, data theft, and potential ransomware deployment.

🟢 If Mitigated

File upload attempts blocked or sanitized, preventing code execution but potentially allowing DoS through resource exhaustion.

🌐 Internet-Facing: HIGH - Any internet-facing JeeWMS instance is directly exploitable if the vulnerable endpoint is accessible.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to upload files to the vulnerable endpoint. The CWE-434 classification indicates unrestricted file upload without proper validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2025.01.01

Vendor Advisory: https://gitee.com/erzhongxmu/JEEWMS/issues/IBFTZ7

Restart Required: No

Instructions:

1. Back up the current installation.
2. Download v2025.01.01 from the official source.
3. Replace vulnerable files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

File Upload Restriction (scope: all)

Implement strict file type validation and size limits on upload endpoints.

Web Application Firewall Rules (scope: all)

Deploy WAF rules to block suspicious file upload patterns and XML parsing requests.
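As an added illustration of the "File Upload Restriction" workaround (this is example code written here, not JeeWMS's own upload handler), the function below enforces an extension allowlist, a size cap, filename normalisation and a cheap content sniff before an upload is accepted. The allowed extension set, the size limit and the XML-only assumption are all assumptions made for the example, since the page does not state what the endpoint is meant to accept.

```python
import posixpath

# Assumption: the endpoint only ever needs XML documents, so only .xml is allowed.
ALLOWED_EXTENSIONS = {"xml"}
# Assumption: 5 MiB is a generous cap for the documents this endpoint parses.
MAX_UPLOAD_BYTES = 5 * 1024 * 1024


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message says why."""


def safe_filename(name: str) -> str:
    """Drop any directory components (either separator) and refuse empty or dot names."""
    base = posixpath.basename(name.replace("\\", "/"))
    if not base or base in (".", ".."):
        raise UploadRejected("empty or traversal filename")
    return base


def validate_upload(filename: str, content: bytes) -> str:
    """Return the normalised filename if the upload is acceptable, else raise.

    Checks, in order: filename normalisation, exactly one extension drawn from
    the allowlist, size cap, and a minimal content sniff for XML.
    """
    base = safe_filename(filename)
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("no extension")
    if len(parts) > 2:
        # Double extensions (e.g. name.jsp.xml) are rejected outright rather than
        # trusting whichever part a downstream component happens to look at.
        raise UploadRejected("multiple extensions")
    if parts[1] not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension .{parts[1]} not allowed")
    if len(content) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload exceeds size limit")
    body = content[3:] if content.startswith(b"\xef\xbb\xbf") else content
    if not body.lstrip().startswith(b"<"):
        # An allowed extension is not enough; the bytes must at least look like XML.
        raise UploadRejected("content does not look like XML")
    return base


if __name__ == "__main__":
    print(validate_upload("stock.xml", b"<?xml version='1.0'?><stock/>"))
    for bad_name, bad_body in (("shell.jsp", b"<% %>"), ("shell.jsp.xml", b"<a/>")):
        try:
            validate_upload(bad_name, bad_body)
        except UploadRejected as err:
            print(f"rejected {bad_name}: {err}")
```

The content sniff is deliberately weak (it only checks for a leading `<`); a production handler would parse the document with a hardened XML parser after this gate, which is outside the scope of this example.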

🧯 If You Can't Patch

  • Disable file upload functionality in JeeWMS if not required
  • Implement network segmentation to isolate JeeWMS from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the JeeWMS version in the admin panel or configuration files. If the version is below 2025.01.01, the system is vulnerable.

Check Version:

Check JeeWMS admin dashboard or configuration files for version information

Verify Fix Applied:

After patching, verify version shows 2025.01.01 or higher. Test file upload functionality with various file types.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to parserXML endpoint
  • Large XML files being processed
  • Files with executable extensions (.php, .jsp, .exe) uploaded

Network Indicators:

  • POST requests to upload endpoints with suspicious file content
  • Unusual outbound connections after file uploads

SIEM Query:

source="jeeWMS" AND (uri="*parserXML*" OR file_extension IN ("php", "jsp", "exe", "war"))
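The SIEM query above expresses a predicate (URI contains parserXML OR the uploaded file has an executable extension). The following is an added example, not part of the advisory or of JeeWMS, that applies the same predicate to a few constructed key=value upload-audit lines so the logic can be tested offline; the log format, the `/app/upload/...` path prefix and the source addresses are all made up for the example, and the path before `parserXML` is a placeholder rather than the product's real route.

```python
import re
from typing import Dict, List

# Constructed sample lines (not real JeeWMS logs). The path prefix is a placeholder.
SAMPLE_LOG = """\
2025-01-02T10:00:01Z method=POST uri=/app/upload/parserXML file=stock.xml size=4120 src=10.0.0.5
2025-01-02T10:00:07Z method=POST uri=/app/upload/parserXML file=shell.jsp size=2048 src=203.0.113.9
2025-01-02T10:01:15Z method=POST uri=/app/login file=- size=0 src=10.0.0.7
2025-01-02T10:02:30Z method=POST uri=/app/attach file=report.WAR size=998877 src=203.0.113.9
2025-01-02T10:03:00Z method=GET uri=/app/home file=- size=0 src=10.0.0.8
"""

# Same extension set as the SIEM query on the page.
SUSPICIOUS_EXTENSIONS = {"php", "jsp", "exe", "war"}
KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Turn one 'ts key=value ...' line into a dict; the timestamp becomes 'ts'."""
    rec = dict(KV.findall(line))
    rec["ts"] = line.split()[0]
    return rec


def extension(filename: str) -> str:
    """Lower-cased final extension, or '' when there is none (e.g. the '-' placeholder)."""
    if "." not in filename:
        return ""
    return filename.rsplit(".", 1)[1].lower()


def classify(rec: Dict[str, str]) -> List[str]:
    """Return the reasons a record matches the page's SIEM predicate (empty if none)."""
    reasons = []
    if "parserXML" in rec.get("uri", ""):
        reasons.append("upload to parserXML endpoint")
    ext = extension(rec.get("file", "-"))
    if ext in SUSPICIOUS_EXTENSIONS:
        reasons.append(f"executable extension .{ext}")
    return reasons


def find_suspicious(log: str) -> List[Dict[str, object]]:
    """Apply the predicate to every line; both conditions together rank 'high'."""
    hits: List[Dict[str, object]] = []
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        reasons = classify(rec)
        if reasons:
            hits.append({**rec, "reasons": reasons,
                         "severity": "high" if len(reasons) == 2 else "medium"})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["severity"], hit["src"], hit["file"], "; ".join(hit["reasons"]))
```

Because the query uses OR, a benign XML upload to the parserXML endpoint also matches (first sample line); the severity field separates that routine noise from the case where both conditions hold, which is the one worth paging on.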
