jshERP Endpoint addUser improper authorization_CVE-2025-8839

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

This vulnerability in jshERP's Endpoint allows unauthorized access due to improper authorization checks in the addUser endpoint, which can be exploited remotely.

Basic Information

ID CVE-2025-8839

Source VulDB

Published Aug 11, 2025 at 09:02

Affected Product

Vendor n/a

Product jshERP

Version 3.0

Affected Versions n/a jshERP 3.0
n/a jshERP 3.1
n/a jshERP 3.2
n/a jshERP 3.3
n/a jshERP 3.4
n/a jshERP 3.5

CWE Classification

CWE-285 CWE-266

AI Assessment

AI Severity Medium

Vendor jshERP Project

Product jshERP

Version 3.0, 3.1, 3.2, 3.3, 3.4, 3.5

References

{
    "lastseen": "",
    "description": "A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-11T09:02:08.591Z",
    "modified": "2025-08-11T09:02:08.591Z",
    "type": "cve",
    "title": "jshERP Endpoint addUser improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319373\nhttps://vuldb.com/?ctiid.319373\nhttps://vuldb.com/?submit.622569\nhttps://github.com/jishenghua/jshERP/issues/125",
    "id": "CVE-2025-8839",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "n/a jshERP 3.0\nn/a jshERP 3.1\nn/a jshERP 3.2\nn/a jshERP 3.3\nn/a jshERP 3.4\nn/a jshERP 3.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jshERP",
    "version": "3.0",
    "vendor": "n/a",
    "ai_description": "This vulnerability in jshERP's Endpoint allows unauthorized access due to improper authorization checks in the addUser endpoint, which can be exploited remotely.",
    "ai_severity": "Medium",
    "ai_vendor": "jshERP Project",
    "ai_product": "jshERP",
    "ai_version": "3.0, 3.1, 3.2, 3.3, 3.4, 3.5",
    "ai_score": 0
}