CVE-2025-7948 | jshERP up to 3.5 updatePwd password recovery (Issue 123)

Inserito da Angelo Barbosa | Lug 21, 2025 | CVE

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery.

This vulnerability is known as CVE-2025-7948. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-7948 | jshERP up to 3.5 updatePwd password recovery (Issue 123)

Post correlati

CVE-2024-6012 | Cost Calculator Builder Plugin up to 3.2.12 on WordPress authorization

CVE-2024-9499 | Silabs USBXpress Win 98SE Dev Kit up to 2.42 uncontrolled search path

CVE-2024-12340 | Animation Addons for Elementor Plugin up to 1.1.6 on WordPress Content Slider/Tabs Widget Elementor Template information disclosure

CVE-2024-12372 | Rockwell Automation PowerMonitor 1000 Remote heap-based overflow (icsa-24-352-03)