CVE-2025-7947

Source
https://cve.org/CVERecord?id=CVE-2025-7947
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7947.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7947
Published
2025-07-22T01:15:22.820Z
Modified
2026-03-15T14:53:30.705590Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/jishenghua/jsherp

Affected ranges

Type
GIT
Repo
https://github.com/jishenghua/jsherp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.5
v2.*
v2.0
v2.1
v2.3
v2.3.1
v3.*
v3.0
v3.1
v3.2
v3.3
v3.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7947.json"