CVE-2025-0392
Published: 11 January 2025
Summary
CVE-2025-0392 is a medium-severity Injection (CWE-74) vulnerability in Huayi-Tec Jeewms. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0392 is a SQL injection vulnerability classified as critical in Guangzhou Huayi Intelligent Technology's Jeewms application, affecting versions up to 20241229. The issue resides in the datagridGraph function within the /graphReportController.do file, where manipulation of the store_code argument enables the injection. It is remotely exploitable and associated with CWE-74 and CWE-89, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially enabling unauthorized data access, modification, or disruption via injected SQL queries.
Advisories recommend upgrading to Jeewms version 20250101 to mitigate the issue. The exploit has been publicly disclosed, as noted in references including VulDB entries and a Gitee issue tracker.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1639
Vulnerability details
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote SQL injection in a public-facing web app controller enables exploitation of the application per T1190.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents SQL injection by requiring validation of untrusted inputs such as the store_code argument in the datagridGraph function.
- SI-2 (Flaw Remediation): mitigates the vulnerability through timely identification, reporting, and patching to Jeewms version 20250101 as recommended.
- RA-5 (Vulnerability Monitoring and Scanning): supports detection of SQL injection flaws like CVE-2025-0392 through regular vulnerability scanning of the application.
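As an added illustration (not Jeewms code; the handler, the table and the store-code format are assumptions), the CWE-89 pattern described in the analysis above beside a version applying the SI-10 control: an allow-list check on store_code and a bound query parameter instead of string concatenation.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the report table the hypothetical
    # datagridGraph handler queries; this is not the Jeewms schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE graph_report (store_code TEXT, qty INTEGER)")
    conn.executemany("INSERT INTO graph_report VALUES (?, ?)",
                     [("WH01", 10), ("WH02", 25), ("WH03", 7)])
    return conn


def datagrid_graph_vulnerable(conn, store_code):
    # CWE-89 pattern: the request parameter is spliced into the SQL text, so a
    # crafted store_code changes the query's structure, not just its value.
    sql = ("SELECT store_code, qty FROM graph_report WHERE store_code = '"
           + store_code + "'")
    return conn.execute(sql).fetchall()


# SI-10 allow-list. Assumed format: 2 to 8 upper-case letters or digits;
# adjust to the real store_code convention of the deployment.
STORE_CODE_RE = re.compile(r"[A-Z0-9]{2,8}")


def is_valid_store_code(store_code):
    return (isinstance(store_code, str)
            and STORE_CODE_RE.fullmatch(store_code) is not None)


def datagrid_graph_fixed(conn, store_code):
    # Reject anything outside the expected shape before it reaches the database.
    if not is_valid_store_code(store_code):
        raise ValueError("invalid store_code")
    # Bound parameter: the driver sends the value separately from the SQL text,
    # so it is never parsed as part of the statement.
    sql = "SELECT store_code, qty FROM graph_report WHERE store_code = ?"
    return conn.execute(sql, (store_code,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(datagrid_graph_fixed(conn, "WH02"))  # [('WH02', 25)]
```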