Login Sign Up

CVE-2025-7947

5.4 MEDIUM
Authentication Bypass

📋 TL;DR

CVE-2025-7947 is an improper authorization vulnerability in jshERP's account deletion function that allows attackers to delete user accounts without proper permissions. This affects jshERP installations up to version 3.5. Attackers can exploit this remotely to disrupt operations by removing legitimate user accounts.

💻 Affected Systems

Products:
  • jshERP
Versions: Up to and including 3.5
Operating Systems: All platforms running jshERP
Default Config Vulnerable: ⚠️ Yes
Notes: All jshERP installations with the vulnerable /user/delete endpoint accessible are affected.

📦 What is this software?

Jsherp by Jishenghua

View all CVEs affecting Jsherp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of business operations through mass deletion of administrative and user accounts, potentially causing data loss and service unavailability.

🟠

Likely Case

Targeted deletion of specific user accounts causing operational disruption and requiring account restoration efforts.

🟢

If Mitigated

Minimal impact with proper access controls and monitoring detecting unauthorized deletion attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available in GitHub issues. Attack requires some level of access but minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/jishenghua/jshERP/issues/124

Restart Required: No

Instructions:

Monitor the jshERP GitHub repository for security updates. Consider upgrading to any version above 3.5 when available.

🔧 Temporary Workarounds

Restrict Access to /user/delete Endpoint

all

Use web application firewall or reverse proxy to block or restrict access to the vulnerable endpoint

# Example nginx location block
location /user/delete { deny all; }

Implement Additional Authorization Layer

all

Add custom middleware to validate user permissions before processing account deletion requests

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate jshERP from untrusted networks
  • Enable detailed logging and monitoring for all account deletion activities

🔍 How to Verify

Check if Vulnerable:

Check if jshERP version is 3.5 or earlier and the /user/delete endpoint is accessible without proper authorization checks.

Check Version:

Check jshERP configuration files or admin interface for version information

Verify Fix Applied:

Test that account deletion requests from unauthorized users are properly rejected with appropriate error responses.

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests to /user/delete endpoint from single IP
  • Account deletion events without proper authentication context
  • Failed authorization attempts on account management functions

Network Indicators:

  • HTTP DELETE requests to /user/delete with ID parameter manipulation
  • Unusual patterns of account management requests

SIEM Query:

source="web_logs" AND (uri_path="/user/delete" AND http_method="DELETE") | stats count by src_ip

📊 Metadata

CVE ID: CVE-2025-7947
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE: CWE-266
EPSS Score: 0.06% exploit probability (19.5th percentile)
Published: July 22, 2025
Last Updated: July 30, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7947, you might also want to check these:

CVE-2026-23800 10.0

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress...

Same vulnerability type (CWE-266)
CVE-2026-23550 10.0

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p...

Same vulnerability type (CWE-266)
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision u...

Same vulnerability type (CWE-266)