PT-2025-3862 · Guangzhou Huayi Intelligent Technology · Jeewms

Rabbit · Published 2025-01-11 · Updated 2025-01-11 · CVE-2025-0391

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The vulnerable software is Guangzhou Huayi Intelligent Technology Jeewms, versions up to 20241229. The vulnerability is a critical SQL injection in the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController.java. It can be exploited remotely, and a public exploit has been disclosed. The recommended fix is to upgrade to version 20250101. The vulnerability has been assigned the identifier CVE-2025-0391.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-0391

Affected Products: Jeewms