Security Advisory

CVE-2025-51742

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-25 00:00:00
Last updated 2025-11-26 14:38:22
Assigner mitre
State PUBLISHED

Description

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads.