Cross-Site Scripting Vulnerability in Yonyou UFIDA ERP-NC
CVE-2025-2712

5.3MEDIUM

Key Information:

Vendor

Yonyou

Status
Ufida Erp-nc
Vendor
CVE Published:
24 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2712?

A security vulnerability in Yonyou UFIDA ERP-NC 5.0 has been identified, linked to the file /help/top.jsp. An attacker can exploit this vulnerability via manipulation of the langcode argument, potentially executing malicious scripts in the context of a user's session. The exploitation method allows for remote attacks, which can compromise user data and undermine system integrity. Despite early notification to the vendor regarding the disclosure, there has been no response or patch released to mitigate this risk.

Affected Version(s)

UFIDA ERP-NC 5.0

References

https://vuldb.com/?id.300733
vdb-entrytechnical-description
https://vuldb.com/?ctiid.300733
signaturepermissions-required
https://github.com/Hebing123/cve/issues/86
exploitissue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.