CVE-2025-2638

4.3 MEDIUM

📋 TL;DR

This vulnerability in JIZHICMS allows improper authorization through manipulation of the 'ishot' parameter in the Article Handler component. Attackers can exploit this remotely to bypass access controls. All JIZHICMS installations up to version 1.7.0 are affected.

💻 Affected Systems

Products:
  • JIZHICMS
Versions: up to 1.7.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /user/release.html endpoint in the Article Handler component.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Unauthorized users could modify article settings, publish unauthorized content, or potentially escalate privileges within the CMS.

🟠 Likely Case: Attackers bypass authorization checks to manipulate article properties without proper permissions.

🟢 If Mitigated: With proper access controls and input validation, impact is limited to failed authorization attempts.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects web-facing CMS installations.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but have reduced attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available in GitHub repositories. Attack requires some level of access to the CMS interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch is available. Upgrade to a version beyond 1.7.0 if one is available, or apply the workarounds below.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Add server-side validation for the 'ishot' parameter to ensure only authorized values are accepted.

Modify /user/release.html to validate the ishot parameter against user permissions.

Access Control Middleware (all platforms)

Implement middleware that checks user permissions before processing Article Handler requests.

Add an authentication check in the Article Handler component.

🧯 If You Can't Patch

  • Restrict access to /user/release.html endpoint using web application firewall rules
  • Implement network segmentation to isolate JIZHICMS from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check whether the JIZHICMS version is ≤1.7.0 and test the /user/release.html endpoint with ishot=1 parameter manipulation.

Check Version:

Check the JIZHICMS version in the admin panel or configuration files.

Verify Fix Applied:

Test that unauthorized users cannot manipulate article settings via the ishot parameter.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /user/release.html with ishot parameter
  • Failed authorization attempts in CMS logs

Network Indicators:

  • HTTP requests to /user/release.html with parameter manipulation

SIEM Query:

web.url:*release.html AND web.param.ishot:*
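
The log and network indicators above can also be checked offline. The following is an added example, not part of the original advisory or of JIZHICMS: it scans JSON-lines request logs for requests to /user/release.html that carry ishot in the query string or form body, normalising case, array suffixes and double percent-encoding in the parameter name. The log schema (src, user, method, url, body) and the sample events are constructed assumptions.

```python
import json
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/user/release.html"  # endpoint named in the advisory
TARGET_PARAM = "ishot"              # parameter named in the advisory

def param_names(encoded):
    """Normalised parameter names from a urlencoded query string or form body."""
    if not isinstance(encoded, str):
        return set()
    names = set()
    for name, _ in parse_qsl(encoded, keep_blank_values=True):
        # Undo a second layer of percent-encoding, fold case, and strip
        # array notation so "IsHot[]" and "is%2568ot" both become "ishot".
        names.add(unquote(name).strip().lower().split("[", 1)[0])
    return names

def carries_ishot(event):
    """True when a request to the release endpoint includes the ishot parameter."""
    parts = urlsplit(event.get("url") or "")
    path = unquote(parts.path).lower().rstrip("/")
    if not path.endswith(TARGET_PATH):
        return False
    return TARGET_PARAM in param_names(parts.query) | param_names(event.get("body"))

def scan(lines):
    """Return (src, user, method) for every matching event; skip unparsable lines."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if isinstance(event, dict) and carries_ishot(event):
            hits.append((event.get("src"), event.get("user"), event.get("method")))
    return hits

# Constructed sample events (assumed schema: src, user, method, url, body).
SAMPLE_LOG = [
    '{"src":"198.51.100.7","user":"member42","method":"POST","url":"/user/release.html","body":"title=hello&ishot=1"}',
    '{"src":"198.51.100.8","user":"member17","method":"POST","url":"/user/release.html","body":"title=news&body=text"}',
    '{"src":"198.51.100.9","user":"member42","method":"POST","url":"/user/release.html","body":"title=x&IsHot%5B%5D=1"}',
    '{"src":"198.51.100.7","user":"member42","method":"GET","url":"/user/release.html?is%2568ot=1","body":null}',
    '{"src":"198.51.100.10","user":"member5","method":"POST","url":"/other/page.html","body":"ishot=1"}',
    'not json',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT", *hit)
```

Matches are leads for triage: correlate each hit with the account's role in the CMS before treating it as an authorization bypass.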
