PT-2025-12505 · Jizhicms · Jizhicms

H3Rmesk1T · Published 2025-03-23 · Updated 2025-04-02 · CVE-2025-2638

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: JIZHICMS versions up to 1.7.0

Description: An issue was found in JIZHICMS in an unknown part of the file /user/release.html of the Article Handler component. Manipulating the argument ishot with the input 1 leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For JIZHICMS versions up to 1.7.0, consider restricting access to the /user/release.html endpoint until a patch is available. As a temporary workaround, avoid using the ishot argument in the affected Article Handler component to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Improper Authorization; Incorrect Privilege Assignment

Related Identifiers: CVE-2025-2638

Affected Products: Jizhicms