CVE-2025-60268
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-10

Last updated on: 2025-10-16

Assigner: MITRE

Description
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-10
Last Modified
2025-10-16
Generated
2026-06-16
AI Q&A
2025-10-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-60268
EUVD
EUVD-2025-33761
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
huayi-tec jeewms 2025-08-20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an arbitrary file upload flaw in JeeWMS version 20250820, specifically in the saveFiles function at the /jeewms/cgUploadController.do endpoint. Due to insufficient file validation, an authenticated user can upload malicious files, such as JSP scripts, which can then be executed on the server. This leads to remote code execution because the system does not properly check file types or sanitize filenames before saving them. [1]

Impact Analysis

Exploitation of this vulnerability can lead to critical impacts including full system compromise through remote code execution. An attacker could execute arbitrary code on the server, potentially resulting in data theft, website defacement, malware distribution, and loss of control over the affected system. [1]

Detection Guidance

Detection can be performed by monitoring and logging upload attempts to the /jeewms/cgUploadController.do endpoint, especially POST requests with multipart/form-data containing suspicious file types such as JSP files. Look for uploads with parameters saveFiles, cgFormId=1001, cgFormName=cgform_uploadfiles, and cgFormField=cgform_id. Commands to detect such activity could include using web server access logs with grep, for example: grep 'POST /jeewms/cgUploadController.do' /var/log/apache2/access.log | grep 'multipart/form-data' and scanning for suspicious filenames like '*.jsp'. Additionally, implement alerting on high-frequency or disallowed file type uploads. Network IDS/IPS rules can be created to detect multipart/form-data POST requests to this endpoint with suspicious payloads. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Enforce strict whitelisting of allowed file types by extension and verifying file magic bytes/MIME signatures. 2) Sanitize and ignore user-supplied filenames, generating safe server-side filenames such as UUIDs. 3) Store uploaded files outside the web root and serve them via controlled handlers with safe headers like Content-Disposition: attachment. 4) Remove execute permissions from upload directories and configure the web server to prevent script execution in these directories. 5) Verify content types by inspecting magic bytes rather than trusting Content-Type headers or extensions. 6) Scan uploads with antivirus or static analysis tools. 7) Apply least privilege principles to the web application user and database credentials. 8) Implement logging and alerting for upload attempts, especially for disallowed file types or high-frequency uploads. 9) Add automated tests in CI pipelines to ensure disallowed file types are rejected. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart