CVE-2025-60800

Description

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-28 | Updated 2025-10-29 | Assigner mitre

References

github.com/jishenghua/jshERP/issues/130

cve.org (CVE-2025-60800)

nvd.nist.gov (CVE-2025-60800)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.