PT-2025-10442 · Shenzhen Sixun · Sixun Shanghui Group Business Management System

Yaozhang +1 · Published 2025-03-09 · Updated 2025-03-09 · CVE-2025-2114

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Shenzhen Sixun Software Sixun Shanghui Group Business Management System version 7

Description

A problematic issue has been found in the Reset Password Interface component, specifically affecting the file /WebPages/Adm/OperatorStop.asp. The manipulation of the OperId argument leads to improper authorization, allowing for remote attacks. The complexity of an attack is rather high, and the exploitation is known to be difficult.

Recommendations

For Shenzhen Sixun Software Sixun Shanghui Group Business Management System version 7, as a temporary workaround, consider restricting access to the Reset Password Interface or disabling the OperId argument manipulation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

CVE-2025-2114

Affected Products

Sixun Shanghui Group Business Management System