CVE-2025-60268
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-10-16
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huayi-tec | jeewms | 2025-08-20 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file upload flaw in JeeWMS version 20250820, specifically in the saveFiles function at the /jeewms/cgUploadController.do endpoint. Due to insufficient file validation, an authenticated user can upload malicious files, such as JSP scripts, which can then be executed on the server. This leads to remote code execution because the system does not properly check file types or sanitize filenames before saving them. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to critical impacts including full system compromise through remote code execution. An attacker could execute arbitrary code on the server, potentially resulting in data theft, website defacement, malware distribution, and loss of control over the affected system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring and logging upload attempts to the `/jeewms/cgUploadController.do` endpoint, especially POST requests with `multipart/form-data` bodies containing suspicious file types such as JSP files. Look for uploads with the parameters `saveFiles`, `cgFormId=1001`, `cgFormName=cgform_uploadfiles`, and `cgFormField=cgform_id`. One way to find such activity is to search the web server access logs with grep, for example `grep 'POST /jeewms/cgUploadController.do' /var/log/apache2/access.log | grep 'multipart/form-data'`, and to scan for suspicious filenames like `*.jsp`. Additionally, implement alerting on high-frequency or disallowed file type uploads. Network IDS/IPS rules can be created to detect multipart/form-data POST requests to this endpoint with suspicious payloads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Enforce strict whitelisting of allowed file types by extension and verify file magic bytes/MIME signatures.
2. Sanitize and ignore user-supplied filenames, generating safe server-side filenames such as UUIDs.
3. Store uploaded files outside the web root and serve them via controlled handlers with safe headers like `Content-Disposition: attachment`.
4. Remove execute permissions from upload directories and configure the web server to prevent script execution in these directories.
5. Verify content types by inspecting magic bytes rather than trusting `Content-Type` headers or extensions.
6. Scan uploads with antivirus or static analysis tools.
7. Apply least privilege principles to the web application user and database credentials.
8. Implement logging and alerting for upload attempts, especially for disallowed file types or high-frequency uploads.
9. Add automated tests in CI pipelines to ensure disallowed file types are rejected.

[1]
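Steps 1, 2, 3 and 5 above can be combined in a single storage helper. The Java class below is an added example, not JeeWMS code and not taken from the referenced advisory; the class name `SafeUploadStore`, the allowed types and the storage directory are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;

// Added example: SafeUploadStore and its allowlist are hypothetical, not JeeWMS code.
public class SafeUploadStore {
    // Assumption: the application only needs these types. Extension -> leading magic bytes.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "pdf", new byte[]{'%', 'P', 'D', 'F', '-'});

    private final Path storeDir; // must be a directory outside the web root

    public SafeUploadStore(Path storeDir) {
        this.storeDir = storeDir.toAbsolutePath().normalize();
    }

    /** Validates an upload and stores it under a server-generated name. */
    public Path save(String clientName, byte[] content) throws IOException {
        int dot = clientName == null ? -1 : clientName.lastIndexOf('.');
        if (dot < 0) throw new IllegalArgumentException("missing extension");
        String ext = clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);                       // step 1: extension allowlist
        if (magic == null) throw new IllegalArgumentException("type not allowed: " + ext);
        if (content.length < magic.length                      // step 5: check magic bytes
                || !Arrays.equals(Arrays.copyOf(content, magic.length), magic))
            throw new IllegalArgumentException("content is not a real ." + ext);
        // Step 2: the client-supplied name is discarded; only the vetted extension survives.
        Path target = storeDir.resolve(UUID.randomUUID() + "." + ext);
        Files.createDirectories(storeDir);                     // step 3: outside the web root
        return Files.write(target, content, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
    }

    public static void main(String[] args) throws IOException {
        SafeUploadStore store = new SafeUploadStore(Files.createTempDirectory("uploads"));
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A}; // constructed sample
        byte[] jsp = "<%-- constructed sample --%>".getBytes(StandardCharsets.UTF_8);
        System.out.println("stored as " + store.save("Logo.PNG", png).getFileName());
        // Both of these must be rejected: a script extension, and script bytes renamed to .png.
        for (String name : List.of("page.jsp", "page.png")) {
            try {
                store.save(name, jsp);
                System.out.println("BUG: accepted " + name);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + name + ": " + e.getMessage());
            }
        }
    }
}
```

A magic-byte check alone does not stop polyglot files, which is why the file is also written outside the web root under a server-chosen name. Step 4 (no script execution in the upload directory) is web server configuration and is not shown here.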