Home

Description

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-21 | Updated 2025-08-21 | Assigner mitre

References

jsherp.com

github.com/jishenghua/jshERP

github.com/cina666/CVE/blob/main/jshERP/CVE-2025-55367.md

cve.org (CVE-2025-55367)

nvd.nist.gov (CVE-2025-55367)

Download JSON