Home

Description

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-21 | Updated 2025-08-21 | Assigner mitre

References

jsherp.com

github.com/jishenghua/jshERP

github.com/cina666/CVE/blob/main/jshERP/CVE-2025-55366.md

cve.org (CVE-2025-55366)

nvd.nist.gov (CVE-2025-55366)

Download JSON