CVE-2025-7566

4.7 MEDIUM

📋 TL;DR

This vulnerability in jshERP allows remote attackers to perform path traversal via the Title parameter of the exportExcelByParam function in SystemConfigController. Attackers can potentially read or write files outside the intended export directory. All deployments running jshERP versions up to 3.5 are affected.

💻 Affected Systems

Products:
  • jshERP
Versions: up to 3.5
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SystemConfigController component specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Unauthorized file read/write operations, potentially exposing sensitive configuration files or user data.

🟢 If Mitigated: Limited impact with proper file system permissions and input validation controls in place.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available on GitHub with detailed reproduction steps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict server-side input validation to reject path traversal sequences in the Title parameter, blocking '../', '..\', and similar sequences.
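The following is an added illustration of this workaround, not code from jshERP or from the original advisory. It assumes a hypothetical export root directory and a hypothetical ".xlsx" suffix for exported files; the blocklist check covers the sequences named above plus their URL-encoded and backslash forms, and the second function goes further than the page's text by canonicalising the final path and confirming it stays inside the export root, which catches encodings the blocklist misses.

```python
import re
from pathlib import Path

# Assumed export directory; the page does not state where jshERP writes exports.
EXPORT_ROOT = Path("/var/lib/erp/exports")

# Sequences the workaround says to reject, plus URL-encoded (single and double) variants.
_TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e|%252e)", re.IGNORECASE)

# Conservative allow-list for the file name stem: ASCII word characters, space,
# dot, dash, and CJK ideographs (jshERP titles are commonly Chinese).
_ALLOWED_STEM_RE = re.compile(r"[A-Za-z0-9 _.\-\u4e00-\u9fff]{1,100}")


def has_traversal_sequence(title: str) -> bool:
    """Blocklist check: True if the Title value contains a path traversal sequence."""
    return bool(_TRAVERSAL_RE.search(title))


def safe_export_path(title: str, root: Path = EXPORT_ROOT) -> Path:
    """Build the export file path for a Title value, refusing anything that could
    escape the export root. Raises ValueError on unsafe input."""
    if not title or has_traversal_sequence(title):
        raise ValueError("title contains a path traversal sequence")
    # Any separator at all is rejected: the title is a file name, not a path.
    if "/" in title or "\\" in title:
        raise ValueError("title must not contain path separators")
    if not _ALLOWED_STEM_RE.fullmatch(title) or title.startswith("."):
        raise ValueError("title contains disallowed characters")
    candidate = root / f"{title}.xlsx"
    # Canonicalise (strict=False, so the file need not exist yet) and require that
    # the resolved root is an ancestor of the resolved candidate.
    resolved = candidate.resolve()
    root_resolved = root.resolve()
    if root_resolved not in resolved.parents:
        raise ValueError("export path escapes the export root")
    return resolved


def is_safe_title(title: str, root: Path = EXPORT_ROOT) -> bool:
    """Boolean wrapper around safe_export_path for use at a request boundary."""
    try:
        safe_export_path(title, root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for t in ["sales_report_2024", "../../etc/hosts", "..\\..\\win.ini", "%2e%2e%2fx"]:
        print(f"{t!r}: {'accepted' if is_safe_title(t) else 'rejected'}")
```

The canonical-path containment check is the one to rely on; the blocklist exists only because the page's workaround names those sequences, and a filter that stops at a blocklist will miss encodings it did not anticipate.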

Web Application Firewall Rule (applies to: all)

Configure the WAF to block requests containing '../' or similar path traversal patterns in the Title parameter.

🧯 If You Can't Patch

  • Restrict file system permissions to limit what the application can access
  • Implement network segmentation to isolate the jshERP instance

🔍 How to Verify

Check if Vulnerable:

Test the export endpoint implemented by exportExcelByParam in /src/main/java/com/jsh/erp/controller/SystemConfigController.java with path traversal payloads in the Title parameter.

Check Version:

Check jshERP version in application configuration or admin interface.

Verify Fix Applied:

Verify that path traversal attempts are blocked and return appropriate error responses.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with '../' or similar patterns in Title parameter
  • File access errors for unexpected paths

Network Indicators:

  • Unusual file export requests to the SystemConfigController endpoint

SIEM Query:

source="web_server" AND (uri="*SystemConfigController*" AND param="*../*")
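As an added example of the log indicators above, not part of the original advisory, the following scans web-server access log lines for export requests whose Title parameter carries a traversal sequence, decoding single- and double-URL-encoded forms that a plain '../' match would miss. The log lines are constructed for the example, and the request path `/systemConfig/exportExcelByParam` is an assumption based on the function name on the page, not a route taken from jshERP.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log (Common Log Format); not from a real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /systemConfig/exportExcelByParam?Title=sales_2024 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "GET /systemConfig/exportExcelByParam?Title=../../../../application.properties HTTP/1.1" 500 312
10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /systemConfig/exportExcelByParam?Title=..%2F..%2Fconf%2Fapplication.properties HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2025:10:00:11 +0000] "GET /systemConfig/exportExcelByParam?Title=%252e%252e%252fetc HTTP/1.1" 400 0
10.0.0.7 - - [01/Jan/2025:10:01:00 +0000] "GET /user/list HTTP/1.1" 200 900
"""

# Assumed route fragment; derived from the function name given on the page.
EXPORT_URI_FRAGMENT = "exportExcelByParam"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded sequences surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per export request whose Title parameter, after decoding,
    contains a traversal sequence. parse_qs already decodes one layer."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or EXPORT_URI_FRAGMENT not in m["uri"]:
            continue
        params = parse_qs(urlsplit(m["uri"]).query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "title":
                continue
            for value in values:
                decoded = decode_fully(value)
                if TRAVERSAL_RE.search(decoded):
                    hits.append({
                        "ip": m["ip"],
                        "ts": m["ts"],
                        "status": int(m["status"]),
                        "title": decoded,
                    })
    return hits


def successful_attempts(hits: list) -> list:
    """Attempts the server answered with 200: these warrant the first look, since
    the export may have touched a file outside the intended directory."""
    return [h for h in hits if h["status"] == 200]


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['ip']} status={h['status']} title={h['title']!r}")
    print(f"{len(found)} attempts, {len(successful_attempts(found))} answered with 200")
```

The SIEM query above matches only a literal '../'; the decoding step here is what makes the encoded variants visible, so a production rule should normalise parameters before matching, and a 200 response to such a request should be treated as a possible file disclosure rather than a blocked attempt.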
