CVE-2025-8840
BaseFortify

Publication date: 2025-08-11

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in jshERP up to version 3.5. It affects the /jshERP-boot/user/deleteBatch endpoint: manipulating the ids argument leads to improper authorization, so the endpoint acts on the supplied identifiers without verifying that the caller is permitted to do so. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. This issue is distinct from CVE-2025-7947.
Meta Information
Published: 2025-08-11
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: jishenghua
Product: jsherp
Version / Range: 3.5
CWE
CWE-285 (Improper Authorization): The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 (Incorrect Privilege Assignment): A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8840 is an improper authorization flaw (CWE-285) in the jshERP application up to version 3.5, in the /jshERP-boot/user/deleteBatch endpoint. The endpoint acts on the user identifiers passed in the ids argument without checking that the caller is entitled to delete those accounts, so a remote, authenticated user without administrative rights can batch-delete other users' accounts simply by naming their ids. In effect it is an Insecure Direct Object Reference (IDOR) on user ids combined with a missing role check: the server trusts the identifiers in the request instead of the caller's privileges. A public exploit exists, and the issue is distinct from CVE-2025-7947. [1, 2, 3, 4]
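The following is an added illustration of the pattern described above, not jshERP's own code: a minimal batch-delete handler with the authorization gap CWE-285 describes, beside a hardened version that checks the caller's role, keeps every target inside the caller's tenant, and validates the whole batch before deleting anything. The role names, tenant ids, in-memory user table and the comma-separated ids format are assumptions for the demo.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class User:
    uid: int
    tenant: int
    role: str  # assumed role names: "admin" or "member"


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested action."""


def demo_db() -> Dict[int, User]:
    """Constructed in-memory user table: two tenants, one admin each."""
    users = [
        User(1, 1, "admin"), User(2, 1, "member"), User(3, 1, "member"),
        User(4, 2, "admin"), User(5, 2, "member"),
    ]
    return {u.uid: u for u in users}


def parse_ids(raw: str) -> List[int]:
    """Parse the comma-separated 'ids' argument, rejecting anything non-numeric
    and collapsing duplicates while preserving order."""
    ids = []
    for part in raw.split(","):
        part = part.strip()
        if not part.isdigit():
            raise ValueError(f"bad id: {part!r}")
        ids.append(int(part))
    return list(dict.fromkeys(ids))


def delete_batch_vulnerable(db: Dict[int, User], caller: User, raw_ids: str) -> List[int]:
    """Deletes whatever ids the caller names. The only implicit check is that
    a caller exists (is logged in); role and tenant are never consulted."""
    deleted = []
    for uid in parse_ids(raw_ids):
        if db.pop(uid, None) is not None:
            deleted.append(uid)
    return deleted


def delete_batch_hardened(db: Dict[int, User], caller: User, raw_ids: str) -> List[int]:
    """Authorize before acting: admin role required, no self-deletion, every
    target must resolve inside the caller's tenant. The whole batch is checked
    first so a rejected id never leaves a half-applied deletion behind."""
    if caller.role != "admin":
        raise Forbidden("batch delete requires the admin role")
    ids = parse_ids(raw_ids)
    for uid in ids:
        if uid == caller.uid:
            raise Forbidden("cannot delete the calling account")
        target = db.get(uid)
        # Same error for "does not exist" and "belongs to another tenant", so the
        # endpoint cannot be used as an oracle to enumerate other tenants' ids.
        if target is None or target.tenant != caller.tenant:
            raise Forbidden(f"id {uid} is not a user of the caller's tenant")
    for uid in ids:
        del db[uid]
    return ids


def outcome(handler, db: Dict[int, User], caller: User, raw_ids: str) -> Tuple[str, object]:
    """Run a handler and report the result as a (status, detail) pair."""
    try:
        return ("deleted", handler(db, caller, raw_ids))
    except Forbidden as exc:
        return ("forbidden", str(exc))
    except ValueError as exc:
        return ("bad-request", str(exc))


if __name__ == "__main__":
    db = demo_db()
    member = db[2]
    # A tenant-1 member removes the tenant-1 admin and the tenant-2 admin.
    print("vulnerable:", outcome(delete_batch_vulnerable, db, member, "1,4"))
    db = demo_db()
    print("hardened:  ", outcome(delete_batch_hardened, db, db[2], "1,4"))
    print("hardened:  ", outcome(delete_batch_hardened, db, db[1], "2,5"))
```

The vulnerable handler lets a member of tenant 1 remove both administrators; the hardened one refuses the member outright and refuses the admin's cross-tenant request without deleting the in-tenant id that came first in the batch.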


How can this vulnerability impact me?

A user without administrative rights can delete arbitrary user accounts in bulk, which compromises both the integrity and the availability of the system: legitimate users, including administrators, can be locked out, and user management in the affected jshERP environment is disrupted. Because the attack works remotely and a public exploit exists, any instance reachable by low-privilege accounts should be treated as exposed. [1, 2, 3, 4]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection focuses on who calls `/jshERP-boot/user/deleteBatch` and when. Because the flaw is a missing authorization check, any request to this endpoint from an account that is not an administrator, or any burst of batch deletions outside normal administrative activity, is suspicious. Review web server or reverse proxy logs for requests to that path; note that standard access logs record the query string but not a POST body, so if ids is sent in the body you will see the path and the caller but not the targeted ids unless application-level logging or a WAF captures them. To test enforcement directly, send a request such as `curl -X POST -d 'ids=...' http://<target>/jshERP-boot/user/deleteBatch` with a low-privilege user's session and check whether the server rejects it; do this only against a test instance or with a throwaway account id, since a successful request really deletes the accounts. Monitoring network traffic for POST requests to this endpoint, or for unusual user-deletion patterns, also helps detect exploitation attempts. [1, 3, 4]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps are to restrict access to the `/jshERP-boot/user/deleteBatch` endpoint, for example at the reverse proxy or WAF, so that only trusted administrator accounts or administrative source addresses can reach it, and to monitor for any other activity targeting this endpoint. Source [4] lists no known countermeasures or patch, so it recommends replacing the affected component with an alternative product or upgrading as soon as a version that addresses the issue is released. In the meantime, strict access controls, network segmentation so that the application is not reachable from untrusted networks, and enhanced logging of user-management actions reduce the risk of exploitation. [4]

