PT-2025-30368 · Jsherp · Jsherp
Zast.Ai · Published 2025-07-22 · Updated 2025-07-30 · CVE-2025-7948
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
jshERP versions up to 3.5
Description
A problematic issue exists in jshERP that affects an unknown functionality of the file /jshERP-boot/user/updatePwd. Manipulating it results in weak password recovery, and the issue can be exploited remotely. The exploit for this issue has been publicly disclosed.
Recommendations
Versions prior to 3.6: Address the weak password recovery issue in the /jshERP-boot/user/updatePwd file.
Affected Products
Jsherp