Cyber Resilience

CVE-2025-0390

MediumPublic PoC

Published: 11 January 2025

Published
11 January 2025
Modified
11 September 2025
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0033 56.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0390 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Huayi-Tec Jeewms. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0390 is a critical path traversal vulnerability (CWE-23, CWE-24) in Guangzhou Huayi Intelligent Technology's Jeewms application, affecting versions up to 20241229. The flaw resides in unknown code within the /wmOmNoticeHController.do file, where manipulation using the '../filedir' sequence allows unauthorized file access outside intended directories.

Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Successful exploitation enables limited disclosure of sensitive files, resulting in low-impact confidentiality loss, with no effects on integrity or availability. The exploit has been publicly disclosed and may be actively used.

Advisories recommend upgrading to Jeewms version 20250101 to remediate the issue. Relevant details are documented in the Gitee issue at https://gitee.com/erzhongxmu/JEEWMS/issues/IBFKBM and VulDB entries at https://vuldb.com/?ctiid.291124 and https://vuldb.com/?id.291124.

EU & UK References

Vulnerability details

A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit…

more

has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal in public web app directly enables remote unauthenticated file reads (T1190 for initial exploitation of public-facing app; T1005 for resulting local file data access).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0391Same product: Huayi-Tec Jeewms
CVE-2025-0392Same product: Huayi-Tec Jeewms
CVE-2024-57761Same product: Huayi-Tec Jeewms
CVE-2025-2056Shared CWE-23
CVE-2025-55747Shared CWE-23
CVE-2026-5422Shared CWE-23
CVE-2025-27610Shared CWE-23
CVE-2025-27553Shared CWE-23
CVE-2026-43533Shared CWE-23
CVE-2025-20059Shared CWE-23

Affected Assets

huayi-tec
jeewms
≤ 2025-01-01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the path traversal vulnerability by requiring timely flaw remediation through upgrading to Jeewms version 20250101.

prevent

Validates information inputs to the /wmOmNoticeHController.do endpoint to block path traversal sequences like '../filedir' from accessing unauthorized files.

prevent

Enforces logical access authorizations to restrict file reads outside intended directories even if input validation fails.

References