CVE-2025-8840 | jshERP up to 3.5 Endpoint deleteBatch ids improper authorization (Issue 126)

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization.

This vulnerability is traded as CVE-2025-8840. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Different than CVE-2025-7947.VulDB Recent EntriesRead More