CVE-2025-60800

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions jshERP versions prior to commit 90c411a

Description An access control issue exists in the /jshERP-boot/user/info interface of jshERP. An attacker can obtain sensitive information by sending a specially crafted GET request to this interface. The vulnerable code allows unauthorized access to data. The affected component is the /jshERP-boot/user/info API endpoint. The vulnerable request is a GET request.

Recommendations Update jshERP to a version beyond commit 90c411a.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-60800

Affected Products

Jsherp

CVE-2025-60800

Weakness Enumeration

Related Identifiers

Affected Products

References · 6