CRITICAL🇵🇱 Wersja polska

CVE-2025-50901

CVSS 9.8v3.1pub. 2025-08-20upd. 2025-09-11

JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of the authentication mechanism (CWE-287), which can be bypassed without providing correct login credentials. A remote attacker with no privileges and without user interaction is able to gain access to protected application resources. After bypassing authentication, it is possible to read any files available in the context of the application process.

Impact

An attacker can read arbitrary files on the server, which may lead to exposure of sensitive configuration data, passwords, private keys, or other sensitive information. Combined with high CVSS scores for confidentiality, integrity, and availability, system compromise can be extensive.

Mitigation & patch

Patches available from the vendor should be applied according to references. The recommended action is to update to a version containing the fix described in issue IC8RPM in the Gitee repository. Until the patch is applied, consider restricting access to the application to trusted IP addresses only using a firewall or network access control mechanisms.

Who is affected

JeeWMS in the version corresponding to commit 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jeewms

    APP
    Jeewms
    2025-05-19
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-53499CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Jeewms v3.7 poprzez CgReportController API

CVE-2024-27764CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień przez path traversal w Jeewms (AuthInterceptor)

CVE-2024-57757HIGH7.5ten sam produkt

JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInt...

CVE-2024-27765HIGH7.5ten sam produkt

Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive info...

CVE-2026-3026MEDIUM5.5ten sam produkt

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality ...