CVE-2025-7947 · HIGH 8.1 · EPSS p24.8%

Description

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.33% probability of exploitation · percentile 24.8% · 2026-06-19T12:03:05Z
Published: 2025-07-22
Last modified: 2026-04-29

Underlying weaknesses · 3

CWE-266, CWE-285, CWE-639

References

  1. https://github.com/jishenghua/jshERP/issues/124
  2. https://vuldb.com/?ctiid.317088
  3. https://vuldb.com/?id.317088
  4. https://vuldb.com/?submit.619276

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Incorrect Privilege Assignment (cwe-266) | 0% | live |
| Weakness | Improper Authorization (cwe-285) | 0% | live |
| Weakness | Authorization Bypass Through User-Controlled Key (cwe-639) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-8839
  2. CVE-2025-55370
  3. CVE-2025-55368
  4. CVE-2026-11467
  5. CVE-2025-6329
  6. CVE-2026-11469

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.