CVE-2025-55368
📋 TL;DR
This vulnerability in jshERP v3.5 allows unauthorized attackers to modify supplier statuses under any account due to incorrect access control in RoleController.java. It affects all users of the vulnerable software version, potentially leading to supply chain disruptions or data integrity issues.
💻 Affected Systems
- jshERP
📦 What is this software?
Jsherp by Jishenghua
⚠️ Risk & Real-World Impact
Worst Case
Attackers could arbitrarily alter supplier data, causing operational disruptions, financial loss, or supply chain manipulation across all accounts.
Likely Case
Unauthorized modifications to supplier statuses, leading to incorrect business processes or data corruption in affected accounts.
If Mitigated
Limited impact if access controls are properly enforced, restricting modifications to authorized users only.
🎯 Exploit Status
Exploitation is straightforward as it involves sending crafted requests to the vulnerable endpoint without authentication; public proof-of-concept details are available in the provided GitHub reference.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://jsherp.com (no specific advisory found)
Restart Required: No
Instructions:
Check the official jshERP website or GitHub repository for updates; if a patch is released, apply it by updating the software to the fixed version.
🔧 Temporary Workarounds
Restrict Access to RoleController Endpoints
Implement network or application-level access controls to block unauthorized requests to the vulnerable RoleController component.
- Use firewall rules (e.g., iptables on Linux) to restrict IP access to the jshERP application port.
- Configure the web server (e.g., Apache/Nginx) to allow only trusted IPs.
Disable or Modify Vulnerable Function
Temporarily disable or secure the supplier status modification feature in RoleController.java until a patch is available.
- Edit RoleController.java to add authentication checks or comment out the vulnerable code sections.
- Restart the jshERP application after the changes.
🧯 If You Can't Patch
- Monitor and audit logs for unauthorized access attempts to supplier modification endpoints.
- Implement strict network segmentation to isolate the jshERP instance from untrusted networks.
🔍 How to Verify
Check if Vulnerable:
Test by sending an unauthorized HTTP request to modify supplier status via the RoleController endpoint; if successful, the system is vulnerable.
Check Version:
Check the jshERP version in the application interface or configuration files (e.g., version.txt or similar).
Verify Fix Applied:
After applying a patch or workaround, retest the unauthorized request; it should be denied or require proper authentication.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST or PUT requests to /controller/RoleController endpoints that have no corresponding authentication log entry.
- Failed authentication attempts followed by supplier status modifications.
Network Indicators:
- Anomalous traffic patterns to jshERP application ports from untrusted IPs.
- HTTP requests with supplier modification parameters from unauthorized sources.
SIEM Query:
Example: source="jshERP_logs" AND (uri="/controller/RoleController" AND status=200) AND user="anonymous"