CVE-2025-60268

Name of the Vulnerable Software and Affected Versions JeeWMS version 20250820

Description An arbitrary file upload issue exists due to insufficient file validation within the saveFiles function located at the /jeewms/cgUploadController.do endpoint. An attacker with standard user privileges can upload a malicious file, potentially leading to remote code execution.

Recommendations Apply updates to address the insufficient file validation in the saveFiles function. Restrict access to the /jeewms/cgUploadController.do endpoint. As a temporary workaround, consider disabling the saveFiles() function until a patch is available.