Vulnerability Details CVE-2025-60800
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.2%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-60800
-
cpe:2.3:a:jishenghua:jsherp:1.0
-
cpe:2.3:a:jishenghua:jsherp:1.5
-
cpe:2.3:a:jishenghua:jsherp:2.0
-
cpe:2.3:a:jishenghua:jsherp:2.1
-
cpe:2.3:a:jishenghua:jsherp:2.3
-
cpe:2.3:a:jishenghua:jsherp:2.3.1
-
cpe:2.3:a:jishenghua:jsherp:3.0
-
cpe:2.3:a:jishenghua:jsherp:3.1
-
cpe:2.3:a:jishenghua:jsherp:3.3
-
cpe:2.3:a:jishenghua:jsherp:3.5
-
cpe:2.3:a:jishenghua:jsherp:3.6