CVE-2025-51744

Critical CVSS: 9.8

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks.

Vendor

Product

CWE

Yayın Tarihi

2025-11-25 21:15:56

Güncelleme

2025-12-02 14:57:35

Source Identifier

cve@mitre.org

KEV Date Added

CWE-502 Jsherp CRITICAL Jishenghua 2025

https://blog.hackpax.top/jsh-erp3/ https://gist.github.com/Paxsizy/cd1557aeba8093a8650601c4dbffb6f9 https://gitee.com/jishenghua https://gitee.com/jishenghua/JSH_ERP

Medium

CVE-2026-1588

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshE…

Medium

CVE-2026-1549

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionalit…

Medium

CVE-2026-1546

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillI…

Medium

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to uploa…

Medium

CVE-2025-67344

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.

Critical

CVE-2025-51745

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization…