CVE-2025-29213
MEDIUMJEEWMS v3.7 - Remote Code Execution via Zip Slip in MigrateForm
Title source: llmDescription
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file.
References (1)
Core 1
Core References
Exploit, Issue Tracking
https://github.com/wy876/cve/issues/7
Scores
CVSS v3
5.5
EPSS
0.0027
EPSS Percentile
18.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
jeewms/jeewms
3.7
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026