jshERP
CVE-2025-7948
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (source: CVE.org)
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI-generated)
A weak password recovery mechanism (CWE-640) in jshERP up to version 3.5 lets an authenticated remote attacker change account passwords through the /jshERP-boot/user/updatePwd endpoint without adequate verification. The CVE description classifies the issue as problematic; NVD's CVSS 4.0 vector (network-reachable, low-privilege caller, limited integrity impact, proof-of-concept exploit maturity) corresponds to the listed score of 2.1 (Low), and the EPSS probability is 0.06%. Public exploit code has been disclosed, but in-the-wild exploitation is not confirmed.
Technical Context (AI-generated)
jshERP is an open-source enterprise resource planning (ERP) system written in Java; the /jshERP-boot path prefix belongs to its backend service. The vulnerable code is the password update handler at /jshERP-boot/user/updatePwd. The CVE description calls the affected functionality "unknown", so the exact missing check is not identified in public sources; the CWE-640 classification (Weak Password Recovery Mechanism in Authentication) indicates that the endpoint accepts a password change from an authenticated caller without sufficiently verifying either the caller's identity (for example, re-checking the current password) or the caller's authorization over the account being changed. The request is reachable over the network (AV:N), needs no special conditions (AC:L, AT:N) and no user interaction (UI:N), but does require an existing low-privilege login (PR:L), which is why the integrity impact is rated limited (VI:L) rather than high.
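The pattern the CWE-640 classification describes, shown as an added illustration rather than jshERP's own code: a weak password-update handler that only checks for a session, beside a hardened one that binds the target account to the authenticated principal, re-verifies the current password and records every attempt. The request fields (userId, currentPassword, newPassword), the session model, the user store and the sample accounts are assumptions constructed for this example; nothing here is taken from the jshERP code base.

```python
# Added example of a CWE-640 password-update handler (weak vs. hardened).
# NOT jshERP code: request field names, session model and user store are
# assumptions made for this illustration.
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # kept modest so the demo runs quickly


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; stored as 'salthex$digesthex'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


@dataclass
class User:
    user_id: int
    password_hash: str
    is_admin: bool = False


@dataclass
class Store:
    users: Dict[int, User] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)  # one entry per change attempt


def weak_update_pwd(store: Store, session_user_id: Optional[int], req: dict) -> Tuple[int, str]:
    """Weak pattern: any logged-in caller names the target account and the new
    password; the target is never tied to the caller and the current password
    is never checked."""
    if session_user_id is None:
        return 401, "login required"
    target = store.users.get(req.get("userId"))
    if target is None:
        return 404, "no such user"
    target.password_hash = hash_password(req["newPassword"])
    return 200, "password updated"


def hardened_update_pwd(store: Store, session_user_id: Optional[int], req: dict) -> Tuple[int, str]:
    """Hardened pattern: non-admins may only change their own password, a
    self-service change must prove the current password, a minimum length is
    enforced, and every attempt (allowed or denied) is written to the audit log."""
    if session_user_id is None:
        return 401, "login required"
    caller = store.users.get(session_user_id)
    target = store.users.get(req.get("userId", session_user_id))  # default: self
    if caller is None or target is None:
        return 404, "no such user"
    outcome = "denied"
    try:
        if target.user_id != caller.user_id and not caller.is_admin:
            return 403, "cannot change another user's password"
        if target.user_id == caller.user_id and not verify_password(req.get("currentPassword", ""), caller.password_hash):
            return 401, "current password incorrect"
        new_password = req.get("newPassword", "")
        if len(new_password) < 12:
            return 400, "new password too short"
        target.password_hash = hash_password(new_password)
        outcome = "changed"
        return 200, "password updated"
    finally:
        store.audit.append({"actor": caller.user_id, "target": target.user_id, "outcome": outcome})


def build_demo_store() -> Store:
    """Constructed sample accounts: an admin, a regular user and a low-privilege attacker."""
    store = Store()
    store.users[1] = User(1, hash_password("Admin-Secret-2025"), is_admin=True)
    store.users[2] = User(2, hash_password("Alice-Correct-Horse"))
    store.users[3] = User(3, hash_password("Mallory-Low-Priv"))
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print("weak:", weak_update_pwd(s, 3, {"userId": 1, "newPassword": "pwned"}))
    s = build_demo_store()
    print("hardened:", hardened_update_pwd(s, 3, {"userId": 1, "newPassword": "pwned-pwned-pwned"}))
```

In the weak handler, account 3 (no admin rights) can set the admin's password with a single authenticated request, which is exactly the low-privilege-to-limited-integrity shape of the CVSS vector. The hardened handler refuses that with 403, rejects a self-service change that does not carry the correct current password, and leaves an audit record for both the denied and the successful attempts so that the monitoring described under Remediation has something to work from.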
Remediation (AI-generated)
Upgrade jshERP to a release newer than 3.5 as soon as one that addresses this issue is confirmed; no specific fixed version is named in the advisory sources, so check the jishenghua/jshERP repository and the tracking entry at https://github.com/jishenghua/jshERP/issues/123 before relying on an upgrade alone. Until then, apply compensating controls: require multi-factor authentication for all interactive logins, so that a changed password by itself does not grant access; place the /jshERP-boot/user/updatePwd endpoint behind a reverse proxy or firewall rule that limits it to trusted networks or administrative source addresses; log every password-change request with the acting session, the target account and the outcome, and alert on changes where the actor is not the target or on bursts of changes from one session; and route password resets for low-privilege accounts through an administrative approval step. Each control has a cost: MFA adds operational overhead, network restrictions complicate remote access, and approval workflows delay legitimate password recovery.