A critical SQL Injection vulnerability, identified as CVE-2025-60269, has been discovered in multiple JEEWMS products. This flaw allows an unauthenticated attacker to execute arbitrary commands on the underlying database, potentially leading to a complete compromise of sensitive data, including data theft, modification, or deletion. Due to the high severity (CVSS 9.4), immediate patching is required to prevent potential exploitation.

The vulnerability is a classic SQL Injection located in the exportXls function within the CgExportExcelController.java file. An attacker can send a specially crafted web request to the endpoint that triggers this function. By embedding malicious SQL syntax into the parameters of the request, the attacker can bypass input validation and execute arbitrary SQL queries directly against the application's backend database, granting them unauthorized access and control over the stored data.

This vulnerability is rated as critical severity with a CVSS score of 9.4, posing a significant risk to the organization. Successful exploitation could lead to severe consequences, including the exfiltration of sensitive corporate or customer data, unauthorized modification or deletion of critical information, and potential for a full system compromise if the database service account has elevated privileges. The business risks include major data breaches, financial loss, reputational damage, and non-compliance with data protection regulations.

Immediate Action: Immediately apply the vendor-supplied security updates to all affected JEEWMS products to patch the vulnerability. After patching, closely monitor system and application logs for any signs of compromise or attempts to exploit this vulnerability that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for suspicious activity targeting the affected component. This includes inspecting web server access logs for unusual requests to endpoints associated with CgExportExcelController.java or the exportXls function, particularly requests containing SQL keywords (e.g., UNION, SELECT, ', --). Monitor database logs for unexpected or anomalous queries originating from the web application.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with a strict ruleset designed to detect and block SQL Injection attack patterns.
• Restrict access to the affected web application components to only trusted IP addresses.
• Ensure the application's database user account is configured with the principle of least privilege, limiting the potential impact of a successful exploit.

Public Exploit Available: false

Given the critical CVSS score of 9.4, this vulnerability represents a direct and severe threat to data confidentiality, integrity, and availability. It is strongly recommended that the organization prioritize the immediate patching of all affected JEEWMS instances. Although there is no current evidence of active exploitation, the risk of a targeted attack or opportunistic exploitation is high. All remediation and monitoring actions should be treated with the highest urgency.