CVE-2025-67341

4.6 MEDIUM

📋 TL;DR

jshERP versions 3.5 and earlier contain a stored cross-site scripting (XSS) vulnerability that allows attackers to upload malicious PDF files containing XSS payloads. These files are accessible via static URLs, potentially exposing all users to script execution in their browsers. This affects all organizations using vulnerable jshERP installations.

💻 Affected Systems

Products:
  • jshERP
Versions: 3.5 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability requires PDF upload functionality to be enabled and accessible to attackers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect users to malicious sites, or install malware through drive-by downloads.

🟠 Likely Case

Attackers with access to upload functionality could inject malicious scripts that execute when users view PDF files, potentially stealing credentials or session data.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before reaching users' browsers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to upload PDF files, which typically requires some level of authentication or access to vulnerable upload endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/jishenghua/jshERP/issues/139

Restart Required: No

Instructions:

1. Monitor the GitHub issue for official patches.
2. Apply any available updates from the vendor.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Disable PDF Uploads (applies to: all)

Temporarily disable PDF file upload functionality in jshERP.

Implement Content Security Policy (applies to: all)

Add Content-Security-Policy headers to restrict script execution.

🧯 If You Can't Patch

  • Implement strict file upload validation to block PDF files or sanitize content
  • Configure web application firewall (WAF) rules to detect and block XSS payloads in file uploads

🔍 How to Verify

Check if Vulnerable:

Check whether the installation is running jshERP version 3.5 or earlier and whether PDF upload functionality is enabled.

Check Version:

Check the jshERP configuration files or the admin interface for version information.

Verify Fix Applied:

Test the PDF upload functionality with XSS test payloads in a non-production environment and confirm that no script executes when the uploaded file is viewed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual PDF file uploads
  • Large number of PDF uploads from single user
  • PDF files with suspicious names or content

Network Indicators:

  • HTTP requests to static PDF URLs with suspicious parameters
  • Upload requests containing script tags in file content

SIEM Query:

source="web_server" AND (uri_path="*.pdf" AND (user_agent="*script*" OR referer="*javascript*"))
