CVE-2025-51746 | THREATINT

Description

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks.

PUBLISHED Reserved 2025-06-16 | Published 2025-11-25 | Updated 2025-11-26 | Assigner mitre

References

gitee.com/jishenghua/JSH_ERP

gitee.com/jishenghua

blog.hackpax.top/jsh-erp5/

gist.github.com/Paxsizy/cd1557aeba8093a8650601c4dbffb6f9

cve.org (CVE-2025-51746)

nvd.nist.gov (CVE-2025-51746)

Download JSON

help @ threatint.eu