PT-2025-32534 · Jsherp · Jsherp
Ez-Lbz
Published 2025-08-11 · Updated 2025-08-11 · CVE-2025-8840
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
jshERP versions prior to 3.6
Description:
A vulnerability exists in jshERP up to version 3.5. An unknown function within the file /jshERP-boot/user/deleteBatch of the Endpoint component is affected. Manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Recommendations:
Versions prior to 3.6 should be updated. As a temporary workaround, restrict access to the /jshERP-boot/user/deleteBatch file to minimize the risk of exploitation.
Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
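One way to check that the temporary workaround from the recommendations is holding, as an added example that is not part of the original advisory or the jshERP project: the script scans reverse-proxy access logs for requests to the endpoint that came from outside an allow-list and were not rejected. The log format, the allowed network, the 403 block status and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

ENDPOINT = "/jshERP-boot/user/deleteBatch"          # path named in the advisory
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: admin network
BLOCK_STATUSES = {403}   # assumption: the proxy answers restricted requests with 403

# Assumption: the proxy writes common/combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Canonicalize a request target so equivalent spellings of a path compare equal."""
    path = unquote(target.split("?", 1)[0])                  # drop query, decode %xx
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))  # drop ;params
    return posixpath.normpath(re.sub(r"/+", "/", path))      # collapse //, ./, ../, trailing /

def audit(lines):
    """Return (ip, method, status) for endpoint requests the restriction did not stop."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize(m["target"]) != ENDPOINT:
            continue
        try:
            allowed = any(ipaddress.ip_address(m["ip"]) in net for net in ALLOWED_NETS)
        except ValueError:
            allowed = False   # client field is not an IP address: treat as outside
        status = int(m["status"])
        if not allowed and status not in BLOCK_STATUSES:
            findings.append((m["ip"], m["method"], status))
    return findings

# Constructed sample lines; the HTTP method and ids values are placeholders.
SAMPLE_LOG = [
    '10.20.0.5 - - [11/Aug/2025:09:00:01 +0000] "DELETE /jshERP-boot/user/deleteBatch?ids=7 HTTP/1.1" 200 51',
    '203.0.113.9 - - [11/Aug/2025:09:02:13 +0000] "DELETE /jshERP-boot/user/deleteBatch?ids=7 HTTP/1.1" 403 153',
    '198.51.100.4 - - [11/Aug/2025:09:05:40 +0000] "DELETE /jshERP-boot/user/deleteBatch?ids=7 HTTP/1.1" 200 51',
    '198.51.100.4 - - [11/Aug/2025:09:06:02 +0000] "GET / HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, method, status in audit(SAMPLE_LOG):
        print(f"unrestricted access to {ENDPOINT}: {ip} {method} -> {status}")
```

Any finding means a request reached the application from outside the allow-list, so the restriction is incomplete or the upgrade to 3.6 should be prioritized.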
Affected Products
Jsherp