CVE-2025-55366

5.3 MEDIUM

📋 TL;DR

This vulnerability in jshERP v3.5 allows attackers to bypass access controls in the UserController component, enabling unauthorized password resets for any user account. This leads to horizontal privilege escalation where attackers can take over accounts with equal or higher privileges. Organizations using vulnerable versions of jshERP are affected.

💻 Affected Systems

Products:
  • jshERP
Versions: v3.5
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of jshERP v3.5 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the ERP system, potentially accessing sensitive business data, manipulating financial records, or disrupting operations.

🟠 Likely Case

Attackers compromise user accounts to access confidential information, perform unauthorized transactions, or escalate privileges within the system.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to isolated systems with potential data exposure but no critical system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some understanding of the application but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest version

Vendor Advisory: https://github.com/jishenghua/jshERP

Restart Required: No

Instructions:

1. Check current jshERP version.
2. Update to latest version from GitHub repository.
3. Verify UserController.java has proper access controls implemented.

🔧 Temporary Workarounds

Restrict Access to UserController

Implement network-level restrictions to limit access to vulnerable endpoints

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate jshERP from critical systems
  • Enable detailed logging and monitoring for unauthorized password reset attempts

🔍 How to Verify

Check if Vulnerable:

Review UserController.java for missing access control checks on password reset functions

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Test password reset functionality to ensure proper authorization is required

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed password reset attempts
  • Password reset requests from unusual IP addresses
  • User account changes without proper authentication

Network Indicators:

  • Unusual traffic patterns to /user/resetPassword endpoints
  • Multiple password reset requests in short timeframes

SIEM Query:

source="jshERP" AND (event="password_reset" OR event="user_modify") AND user!="admin"
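As an added illustration of the log indicators above (this is not code from the jshERP project or from this advisory), the script below runs two checks over constructed access-log lines: a reset whose target account differs from the acting user, and a burst of resets from one source address. The log format, field names and the admin allowlist are assumptions.

```python
"""Added example: flag suspicious /user/resetPassword activity in constructed logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (hypothetical format, not real jshERP output):
# <timestamp> <src_ip> <acting_user> <method> <path> [target=<account>]
SAMPLE_LOG = """\
2025-09-01T10:00:01 10.0.0.5 alice POST /user/resetPassword target=alice
2025-09-01T10:00:02 10.0.0.2 admin POST /user/resetPassword target=frank
2025-09-01T10:00:03 10.0.0.9 bob POST /user/resetPassword target=admin
2025-09-01T10:00:04 10.0.0.9 bob POST /user/resetPassword target=carol
2025-09-01T10:00:05 10.0.0.9 bob POST /user/resetPassword target=dave
2025-09-01T10:00:06 10.0.0.9 bob POST /user/resetPassword target=erin
2025-09-01T10:05:00 10.0.0.5 alice GET /user/list
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)(?: target=(\S+))?$")


def parse(log_text):
    """Parse the assumed log format into dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, method, path, target = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "ip": ip, "user": user,
                           "method": method, "path": path, "target": target})
    return events


def find_alerts(events, admins=frozenset({"admin"}), window=timedelta(seconds=60), threshold=3):
    """Return alert tuples for cross-account resets and reset bursts per source IP."""
    alerts = []
    resets = [e for e in events if e["path"] == "/user/resetPassword"]
    # Rule 1: a non-admin resetting someone else's password is the bypass pattern.
    for e in resets:
        if e["target"] and e["target"] != e["user"] and e["user"] not in admins:
            alerts.append(("cross_user_reset", e["ip"], e["user"], e["target"]))
    # Rule 2: sliding window over reset timestamps per source IP.
    by_ip = defaultdict(list)
    for e in resets:
        by_ip[e["ip"]].append(e["ts"])
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(("reset_burst", ip, end - start + 1))
                break
    return alerts
```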
