
CVE-2025-7947

Severity: Low · Public PoC

Published: 22 July 2025
Modified: 29 April 2026
KEV Added: not listed
Patch: not referenced

CVSS v4 score: 2.1 (Low)
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0041 (61.9th percentile)
Risk priority: 4 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-7947 is an Incorrect Privilege Assignment (CWE-266) vulnerability in Jishenghua jshERP. Its CVSS v4 base score is 2.1 (Low); the CVSS v3.1 score recorded for the same issue is 5.4 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS percentile places it in the top 38.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-24 (Access Control Decisions).

Deeper analysis

VulDB classifies CVE-2025-7947 as critical on its own scale, but its CVSS scores are modest: the v3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L yields a base score of 5.4 (Medium), and the v4 vector above yields 2.1 (Low). The flaw is an improper-authorization bug in jshERP versions up to 3.5, in an unidentified function behind the /user/delete endpoint of the Account Handler component: the ID argument selects the account to act on, and the server does not check that the caller is entitled to act on that account. It is tagged CWE-266 (Incorrect Privilege Assignment), CWE-285 (Improper Authorization) and CWE-639 (Authorization Bypass Through User-Controlled Key), the last being the IDOR pattern. It is remotely exploitable, and a proof-of-concept exploit has been publicly disclosed.

The attacker needs only low privileges, such as a standard authenticated jshERP account, and can exploit the flaw over the network with low complexity and no user interaction. Successful exploitation gives limited integrity and availability impact (I:L/A:L): unauthorized modification or deletion of other users' account data by supplying their IDs. Confidentiality is rated unaffected (C:N), since the endpoint changes data rather than disclosing it; the unchanged scope (S:U) is a separate statement that the impact stays within the vulnerable application rather than crossing into another security authority.
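The following is an added example, not jshERP's own code (jshERP is a Java/Spring project) and not part of the original page. It models the pattern the advisory describes, a delete handler that checks only that the caller is logged in, next to a hardened handler that makes an explicit per-ID decision before touching anything. The tenant/role layout, the comma-separated `id` argument and the decision rule (only a tenant admin may delete, only inside its own tenant, never itself) are assumptions made for the illustration.

```python
"""Model of the /user/delete authorization flaw (CWE-639 / CWE-285) beside a
hardened handler.

Added example: not jshERP's code and not the page's own. The tenant/role
layout, the comma-separated `id` argument and the decision rule (only a
tenant admin may delete, only inside its own tenant, never itself) are
assumptions made for the illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    tenant_id: int
    role: str  # assumed values: "admin" or "user"


class AuthorizationError(Exception):
    """Same message for 'not found' and 'not permitted', so the error
    cannot be used to enumerate which ids exist."""


def parse_ids(raw: str) -> list[int]:
    """Parse the `id` argument strictly: digits only, no empties, no repeats."""
    ids: list[int] = []
    for part in raw.split(","):
        part = part.strip()
        if not part.isdigit():
            raise ValueError(f"bad id {part!r}")
        if int(part) not in ids:
            ids.append(int(part))
    return ids


def may_delete(caller: User, target: User) -> bool:
    """Explicit per-id access-control decision (the AC-24 idea): being logged
    in is not enough; the caller's authority over this target is checked."""
    return (caller.role == "admin"
            and caller.tenant_id == target.tenant_id
            and caller.id != target.id)


class AccountStore:
    def __init__(self, users: list[User]):
        self._users = {u.id: u for u in users}

    def exists(self, uid: int) -> bool:
        return uid in self._users

    def delete_vulnerable(self, caller: User, raw_ids: str) -> list[int]:
        """The pattern the advisory describes: the caller is authenticated, so
        every id it names is deleted. Nothing ties caller to target."""
        return [uid for uid in parse_ids(raw_ids)
                if self._users.pop(uid, None) is not None]

    def delete_hardened(self, caller: User, raw_ids: str) -> list[int]:
        """Access enforcement (the AC-3 idea): decide for every id before
        mutating, so a partly unauthorized request applies nothing."""
        targets = parse_ids(raw_ids)
        for uid in targets:
            target = self._users.get(uid)
            if target is None or not may_delete(caller, target):
                raise AuthorizationError(f"delete of id {uid} refused")
        for uid in targets:
            del self._users[uid]
        return targets


def demo() -> dict:
    """Exercise both handlers on constructed data; returns observed outcomes."""
    def fresh() -> AccountStore:
        return AccountStore([User(1, 1, "admin"), User(2, 1, "user"),
                             User(3, 2, "admin")])

    def attempt(store: AccountStore, caller: User, raw: str):
        try:
            return store.delete_hardened(caller, raw)
        except AuthorizationError:
            return "refused"

    plain_user, tenant_admin = User(2, 1, "user"), User(1, 1, "admin")
    out = {}
    s = fresh()  # vulnerable: a plain user deletes the admin by naming its id
    out["vuln_user_deletes_admin"] = s.delete_vulnerable(plain_user, "1")
    out["vuln_admin_left"] = s.exists(1)
    s = fresh()  # hardened: the same request is refused, admin untouched
    out["hard_user_deletes_admin"] = attempt(s, plain_user, "1")
    out["hard_admin_left"] = s.exists(1)
    s = fresh()  # hardened: admin ok in-tenant; cross-tenant and self refused
    out["hard_admin_in_tenant"] = attempt(s, tenant_admin, "2")
    out["hard_admin_cross_tenant"] = attempt(s, tenant_admin, "3")
    out["hard_admin_self"] = attempt(s, tenant_admin, "1")
    s = fresh()  # hardened: one bad id in a list refuses the whole request
    out["hard_admin_mixed"] = attempt(s, tenant_admin, "2,3")
    out["hard_mixed_user2_left"] = s.exists(2)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points carry over to any real fix: the decision is made per supplied ID (a list request is all-or-nothing, so an attacker cannot smuggle one foreign ID into an otherwise legitimate batch), and "not found" and "not permitted" produce the same refusal, so the endpoint does not double as an ID oracle.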

Advisories and further details are available in referenced sources, including GitHub issue #124 in the jshERP repository (https://github.com/jishenghua/jshERP/issues/124) and VulDB entries (https://vuldb.com/?ctiid.317088, https://vuldb.com/?id.317088, https://vuldb.com/?submit.619276), which document the vulnerability disclosure and may include mitigation guidance or patch information.


Vulnerability details

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

CWE-266 Incorrect Privilege Assignment
CWE-285 Improper Authorization
CWE-639 Authorization Bypass Through User-Controlled Key

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1531 Account Access Removal (tactic: Impact)
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.
Why these techniques?

The IDOR (CWE-639, an authorization bypass through a user-controlled key, tagged alongside CWE-285, improper authorization) in /user/delete lets a low-privileged authenticated user perform deletions that should require administrator rights, which is why T1068 (Exploitation for Privilege Escalation) applies. Because the deleted object is another user's account, the same request also removes that user's access, which is the T1531 (Account Access Removal) impact.
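For the detection side of the two techniques above, the following added example (not from the page, and not jshERP's own logging) runs a few rules over constructed audit-log lines: a non-admin calling /user/delete, a delete that reaches into another tenant, a delete that removes an admin account (the T1531 case), and a burst of deletes from one caller. The log line format, the field names, the thresholds and the user directory are all assumptions; map them onto the access or audit log your deployment actually produces.

```python
"""Detection sketch for abuse of /user/delete: T1531 (account access removal)
reached through the T1068-style authorization bypass.

Added example, not from the page and not jshERP's own logging. The audit-log
line format, the field names, the thresholds and the user directory are
constructed for the illustration; map them onto your real access/audit log.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\d+) role=(?P<role>\w+) tenant=(?P<tenant>\d+) "
    r"(?P<method>[A-Z]+) (?P<path>/[^\s?]*)(?:\?id=(?P<id>[\d,]+))? (?P<status>\d{3})$"
)

# Constructed directory: user id -> (tenant id, role). In production resolve
# targets from the application's user table at detection time.
DIRECTORY = {1: (1, "admin"), 2: (1, "user"), 3: (1, "user"),
             4: (2, "admin"), 5: (2, "user"), 7: (1, "user")}

# Constructed sample: one legitimate admin delete, then plain user 7 removing
# the admin, two colleagues and a user of another tenant by naming their ids,
# and an admin of tenant 2 deleting into tenant 1.
SAMPLE_LOG = """\
2025-07-22T10:14:01Z user=1 role=admin tenant=1 POST /user/delete?id=3 200
2025-07-22T10:14:03Z user=7 role=user tenant=1 POST /user/delete?id=1 200
2025-07-22T10:14:05Z user=7 role=user tenant=1 POST /user/delete?id=2,3 200
2025-07-22T10:14:06Z user=7 role=user tenant=1 GET /user/list 200
2025-07-22T10:14:07Z user=7 role=user tenant=1 POST /user/delete?id=5 200
2025-07-22T10:14:09Z user=4 role=admin tenant=2 POST /user/delete?id=2 200
"""

BURST_WINDOW = timedelta(seconds=60)
BURST_COUNT = 3  # assumed threshold; tune to normal admin housekeeping


def parse(log_text: str) -> list[dict]:
    """Turn matching lines into events; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        e["user"], e["tenant"] = int(e["user"]), int(e["tenant"])
        e["ids"] = [int(x) for x in e["id"].split(",")] if e["id"] else []
        events.append(e)
    return events


def detect(log_text: str, directory: dict = DIRECTORY) -> list[dict]:
    """One alert per rule hit on a successful delete; a request may hit several."""
    alerts = []
    recent = defaultdict(list)  # caller -> timestamps of recent deletes
    for e in parse(log_text):
        if e["path"] != "/user/delete" or not e["status"].startswith("2"):
            continue

        def alert(rule: str, target=None):
            alerts.append({"rule": rule, "caller": e["user"],
                           "target": target, "ts": e["ts"]})

        if e["role"] != "admin":  # the bug: the server did not require admin
            alert("non_admin_delete")
        for uid in e["ids"]:
            t_tenant, t_role = directory.get(uid, (None, None))
            if t_tenant is not None and t_tenant != e["tenant"]:
                alert("cross_tenant_delete", uid)
            if t_role == "admin":  # losing an admin is the T1531 impact case
                alert("admin_account_deleted", uid)
        window = [t for t in recent[e["user"]] if e["ts"] - t <= BURST_WINDOW]
        window.append(e["ts"])
        recent[e["user"]] = window
        if len(window) == BURST_COUNT:
            alert("delete_burst")
    return alerts


def rule_counts(alerts: list[dict]) -> dict:
    return dict(Counter(a["rule"] for a in alerts))


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

The non-admin rule is the one that fires on this CVE as described; the tenant and admin-target rules catch the same bypass in a deployment where the missing check is scoping rather than role; the burst rule is what turns a single IDOR into a visible T1531 event. None of them need the exploit payload, only who called the endpoint and which IDs were named.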

CVEs Like This One

CVE-2026-1546 (same product: Jishenghua Jsherp)
CVE-2025-51742 (same product: Jishenghua Jsherp)
CVE-2025-51746 (same product: Jishenghua Jsherp)
CVE-2025-51744 (same product: Jishenghua Jsherp)
CVE-2025-51743 (same product: Jishenghua Jsherp)
CVE-2025-60801 (same product: Jishenghua Jsherp)
CVE-2025-51745 (same product: Jishenghua Jsherp)
CVE-2026-0574 (shared CWE-266, CWE-285)
CVE-2026-2079 (shared CWE-266, CWE-285)
CVE-2026-2077 (shared CWE-266, CWE-285)

Affected Assets

Vendor: jishenghua
Product: jsherp
Versions: ≤ 3.5

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Directly enforces authorization checks on the /user/delete endpoint so that manipulation of the ID parameter cannot bypass intended account access restrictions.

Least privilege for authenticated users (prevent)
Limits privileges of authenticated users so a low-privilege account cannot reach or affect other users' records via the vulnerable ID parameter.

AC-24 Access Control Decisions (prevent)
Requires explicit access-control decisions to be made and enforced for each user ID supplied to the Account Handler, blocking the authorization bypass.
