CVE-2025-0390
Published: 11 January 2025
Summary
CVE-2025-0390 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Huayi-Tec Jeewms. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0390 is a critical path traversal vulnerability (CWE-23, CWE-24) in Guangzhou Huayi Intelligent Technology's Jeewms application, affecting versions up to 20241229. The flaw resides in unknown code within the /wmOmNoticeHController.do file, where manipulation using the '../filedir' sequence allows unauthorized file access outside intended directories.
Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Successful exploitation enables limited disclosure of sensitive files, resulting in low-impact confidentiality loss, with no effects on integrity or availability. The exploit has been publicly disclosed and may be actively used.
Advisories recommend upgrading to Jeewms version 20250101 to remediate the issue. Relevant details are documented in the Gitee issue at https://gitee.com/erzhongxmu/JEEWMS/issues/IBFKBM and VulDB entries at https://vuldb.com/?ctiid.291124 and https://vuldb.com/?id.291124.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1637
Vulnerability details
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit…
more
has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public web app directly enables remote unauthenticated file reads (T1190 for initial exploitation of public-facing app; T1005 for resulting local file data access).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the path traversal vulnerability by requiring timely flaw remediation through upgrading to Jeewms version 20250101.
Validates information inputs to the /wmOmNoticeHController.do endpoint to block path traversal sequences like '../filedir' from accessing unauthorized files.
Enforces logical access authorizations to restrict file reads outside intended directories even if input validation fails.