CVE-2025-51742
25.11.2025, 20:15
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads.Enginsight
| Vendor | Product | Version |
|---|---|---|
| jishenghua | jsherp | 𝑥 ≤ 2.3.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration