Vulnerability Details CVE-2025-55367
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2025-55367
-
cpe:2.3:a:jishenghua:jsherp:3.5