Cross-Site Scripting Vulnerability in Yonyou UFIDA ERP-NC
CVE-2025-2712

5.3MEDIUM

Key Information:

Vendor

Yonyou

Status
Ufida Erp-nc
Vendor
CVE Published:
24 March 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-2712?

A security vulnerability in Yonyou UFIDA ERP-NC 5.0 has been identified, linked to the file /help/top.jsp. An attacker can exploit this vulnerability via manipulation of the langcode argument, potentially executing malicious scripts in the context of a user's session. The exploitation method allows for remote attacks, which can compromise user data and undermine system integrity. Despite early notification to the vendor regarding the disclosure, there has been no response or patch released to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

UFIDA ERP-NC 5.0

References

https://vuldb.com/?id.300733
vdb-entrytechnical-description
https://vuldb.com/?ctiid.300733
signaturepermissions-required
https://github.com/Hebing123/cve/issues/86
exploitissue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

JSON
.