CVE-2025-50901

CriticalPublic PoC

Published: 20 August 2025

Published

20 August 2025

Modified

11 September 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50901 is a critical-severity Improper Authentication (CWE-287) vulnerability in Jeewms Jeewms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for logical access to information and system resources, directly preventing unauthorized arbitrary file reading due to authentication bypass.

IA-8 Identification and Authentication (Non-organizational Users) good match

prevent

Requires unique identification and authentication for non-organizational users, mitigating the improper authentication bypass exploited by unauthenticated remote attackers.

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Limits permitted actions without identification or authentication, ensuring arbitrary file reading is not authorized for unauthenticated users.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

Auth bypass in public-facing web app directly enables remote exploitation (T1190) and arbitrary local file access (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.

Deeper analysisAI

CVE-2025-50901 is an incorrect authentication bypass vulnerability affecting JeeWMS at commit hash 771e4f5d0c01ffdeae1671be4cf102b73a3fe644, dated 2025-05-19. This flaw, mapped to CWE-287 (Improper Authentication), enables attackers to circumvent authentication mechanisms, resulting in arbitrary file reading on the vulnerable system. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact on confidentiality, integrity, and availability.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Exploitation allows bypassing authentication controls, leading to arbitrary file reading, which exposes sensitive data and aligns with the high confidentiality impact; the CVSS score further indicates potential for high integrity and availability disruption.

Advisories reference the issue tracker at https://gitee.com/erzhongxmu/JEEWMS/issues/IC8RPM for further details on the vulnerability.