CVE-2025-51744

CVE-2025-51744

CVSS 9.8 CRITICALEPSS 0.4%CWE-502

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://blog.hackpax.top/jsh-erp3/https://gist.github.com/Paxsizy/cd1557aeba8093a8650601c4dbffb6f9 https://gitee.com/jishenghua https://gitee.com/jishenghua/JSH_ERP