PT-2025-30364 · Jsherp · Jsherp

Zast.Ai · Published 2025-07-22 · Updated 2025-08-11 · CVE-2025-7947

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

jshERP versions prior to 3.6

Description

A critical issue exists in jshERP. The vulnerability affects an unknown function within the /user/delete file of the Account Handler component. Manipulation of the ID argument results in improper authorization. Remote exploitation is possible. The exploit has been publicly disclosed and may be utilized.

Recommendations

jshERP versions prior to 3.6: Update to version 3.6 or later to address the improper authorization issue. As a temporary workaround, restrict access to the /user/delete file to minimize the risk of exploitation.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-7947

Affected Products

Jsherp