CVE-2025-8840

Published: Aug 11, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947.

Affected (1)

Products: Jishenghua: Jsherp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jishenghua Jsherp	Version 3.5

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://github.com/jishenghua/jshERP/issues/126

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.319374

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.319374

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.622573

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.622621

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/jishenghua/jshERP/issues/126

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.