CVE-2025-5390 – This critical vulnerability in JeeWMS allows re... (How to Fix)

Q: What is the severity of CVE-2025-5390?

CVE-2025-5390 has a CVSS score of 6.3 (MEDIUM). This critical vulnerability in JeeWMS allows remote attackers to bypass access controls on the file handling component, potentially accessing or manipulating files without proper authorization. All JeeWMS installations up to May 4, 2025 are affected. The vulnerability exists in the /systemController/filedeal.do endpoint's filedeal function.

📋 TL;DR

This critical vulnerability in JeeWMS allows remote attackers to bypass access controls on the file handling component, potentially accessing or manipulating files without proper authorization. All JeeWMS installations up to May 4, 2025 are affected. The vulnerability exists in the /systemController/filedeal.do endpoint's filedeal function.

💻 Affected Systems

Products:

JeeWMS

Versions: All versions up to 20250504

Operating Systems: Any OS running JeeWMS

Default Config Vulnerable: ⚠️ Yes

Notes: This product does not use versioning, making precise version identification difficult. All installations before May 4, 2025 should be considered vulnerable.

📦 What is this software?

Jeewms by Huayi Tec

View all CVEs affecting Jeewms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through unauthorized file access, modification, or deletion, potentially leading to data theft, system takeover, or service disruption.

🟠

Likely Case

Unauthorized access to sensitive files, configuration data, or user information stored in the JeeWMS system.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication, and file system permissions preventing critical file access.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects a web-facing component, making internet-exposed systems particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but may have additional network controls reducing attack surface.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability description suggests remote exploitation is possible, and improper access controls typically have low exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor the Gitee repository for updates: https://gitee.com/erzhongxmu/JEEWMS

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Restrict access to the vulnerable /systemController/filedeal.do endpoint using web application firewall or reverse proxy rules.

# Example nginx location block
location /systemController/filedeal.do { deny all; }
# Example Apache .htaccess
<Files "filedeal.do">
Order Allow,Deny
Deny from all
</Files>

Implement strict file permissions

linux

Set restrictive file system permissions on JeeWMS directories to limit potential damage from unauthorized access.

# Linux example
chmod 750 /path/to/jeewms/
chown www-data:www-data /path/to/jeewms/ -R

🧯 If You Can't Patch

Isolate JeeWMS systems from internet access and restrict to necessary internal networks only
Implement strong authentication and authorization controls, and monitor all access to the /systemController/filedeal.do endpoint

🔍 How to Verify

Check if Vulnerable:

Check if JeeWMS installation date is before May 4, 2025 and verify the /systemController/filedeal.do endpoint exists and is accessible.

Check Version:

No standard version command. Check installation date and files in the JeeWMS directory structure.

Verify Fix Applied:

Test if unauthorized access to the filedeal function is prevented after implementing workarounds or updates.

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to /systemController/filedeal.do
Failed authentication attempts followed by successful file operations
File access from unexpected IP addresses or user agents

Network Indicators:

HTTP requests to /systemController/filedeal.do with suspicious parameters
Unusual file download/upload patterns from JeeWMS server

SIEM Query:

source="jeewms.log" AND (uri="/systemController/filedeal.do" OR uri="/filedeal.do") AND (response_code=200 OR response_code=302)

📊 Metadata

CVE ID: CVE-2025-5390

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-266

EPSS Score: 0.06% exploit probability (17.1th percentile)

Published: May 31, 2025

Last Updated: September 11, 2025

🔗 References

https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV Issue Tracking
https://vuldb.com/?ctiid.310683 Permissions Required,VDB Entry
https://vuldb.com/?id.310683 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5390, you might also want to check these: