
CVE-2025-34039: CWE-306 Missing Authentication for Critical Function in Yonyou Co., Ltd. UFIDA NC

Severity: Critical
Tags: Vulnerability, CVE-2025-34039, cve, cve-2025-34039, cwe-306
Published: Tue Jun 24 2025 (06/24/2025, 01:07:05 UTC)
Source: CVE Database V5
Vendor/Project: Yonyou Co., Ltd.
Product: UFIDA NC

Description

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This can be exploited to run system commands and ultimately gain full control over the target server. The issue is rooted in a third-party JAR component bundled with the application, and the servlet is accessible without authentication on vulnerable installations. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

AI-Powered Analysis

Last updated: 11/24/2025, 22:54:39 UTC

Technical Analysis

CVE-2025-34039 is a critical vulnerability in Yonyou Co., Ltd.'s UFIDA NC, version 6.5 and earlier. The root cause is that the BeanShell testing servlet (bsh.servlet.BshServlet), a debugging aid shipped inside a third-party BeanShell JAR bundled with the application, is reachable without any authentication or access control. The servlet takes Java source in the bsh.script request parameter and hands it to the BeanShell interpreter, which evaluates it with the privileges of the application server process. Anything reachable from Java, including process execution, is therefore reachable by an unauthenticated remote attacker, which is why the flaw amounts to full remote code execution rather than a narrow injection.

The weakness is classified as CWE-306 (Missing Authentication for Critical Function): the servlet behaves as designed, but nothing in the application checks who is calling it. The CVSS 4.0 vector reported for the issue indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity and availability (VC:H/VI:H/VA:H). The Shadowserver Foundation observed exploitation attempts on 2025-02-05 UTC, months before the CVE was published, so the endpoint should be assumed to be on scanner target lists already. No official patch was listed at the time of reporting, which leaves interim mitigations as the only defence. Because a single unauthenticated request is enough, exploitation is trivial to automate. UFIDA NC is an enterprise resource planning (ERP) system, so the affected host typically holds financial and supply-chain data and sits inside the corporate network, which raises the stakes of a compromise.

Potential Impact

Successful exploitation gives an unauthenticated attacker code execution on the UFIDA NC server, which means full compromise of the host. From there the likely consequences are theft of sensitive business data, manipulation of the financial and supply-chain records the ERP system holds, disruption of the business processes that depend on it, and ransomware deployment. Because the servlet needs no credentials and the request is trivial to automate, mass exploitation by scanners is realistic rather than hypothetical. A compromised ERP host is also a well-placed foothold for lateral movement, since it sits inside the corporate network and connects to other business systems. For European organizations, compromise of personal data held in the system would additionally be a GDPR breach, with notification duties and potential legal and financial penalties. Organizations running UFIDA NC should treat this vulnerability as a critical threat to both operational continuity and data integrity.

Mitigation Recommendations

Because no vendor patch was listed at the time of reporting, the priority is to make the servlet unreachable rather than to filter what is sent to it. Restrict network access to the BeanShell servlet endpoint (bsh.servlet.BshServlet) with firewall rules or network segmentation so that neither the internet nor unrelated internal hosts can reach it, and where possible remove the servlet from the UFIDA NC installation entirely; it is a testing aid with no production purpose. Engage Yonyou Co., Ltd. for an official fix and apply it promptly once available.

For detection, monitor web server and application logs for requests whose path references bsh.servlet.BshServlet or that carry a bsh.script parameter. Legitimate users never call this servlet, so any such request in production is an exploitation attempt or a probe and deserves an immediate response rather than triage as noise. A web application firewall or application-layer firewall can enforce the same rule; block the servlet path outright rather than relying on payload signatures, because bsh.script is an ordinary request parameter that can arrive in a GET query string or a POST body, and BeanShell scripts are easy to obfuscate.

Beyond this endpoint, assess the installation for other unauthenticated servlets and debugging components, since the root cause is a bundled third-party JAR exposing functionality the application never gates. Strict access controls and multi-factor authentication on critical systems limit the blast radius of a breach, but they do not mitigate this issue itself: the servlet bypasses the application's login entirely.
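The following is an added example, not code from the advisory or from Yonyou, illustrating the monitoring recommendation above and the mechanism described in the technical analysis. It scans web server access log lines, flags any request whose decoded path references bsh.servlet.BshServlet or whose query string carries a bsh.script parameter, URL-decodes the script, and marks scripts that spawn an OS process. The log lines are constructed for the example; the Apache/nginx combined log format and the /servlet/ path prefix are assumptions, not details taken from the page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Assumed "combined" access log format:
#   ip ident user [time] "METHOD target HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Identifiers from the advisory: the servlet class name and the script parameter.
SERVLET_MARKER = "bsh.servlet.BshServlet"
SCRIPT_PARAM = "bsh.script"

# Java/BeanShell constructs that spawn an OS process. Scripts can be obfuscated,
# so this only grades severity; the hit itself is decided by path or parameter.
EXEC_RE = re.compile(r"Runtime\.getRuntime\(\)\.exec|ProcessBuilder|\bexec\s*\(")


@dataclass
class Hit:
    ip: str
    time: str
    method: str
    path: str
    status: int
    script: Optional[str]   # decoded bsh.script, None if absent from the query string
    spawns_process: bool


def analyse_line(line: str) -> Optional[Hit]:
    """Return a Hit if the request targets the BeanShell servlet, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None                      # not a parseable access-log line
    parts = urlsplit(m.group("target"))
    path = unquote_plus(parts.path)      # defeat %2E-style encoding of the class name
    query = parse_qs(parts.query, keep_blank_values=True)
    script = query.get(SCRIPT_PARAM, [None])[0]
    # Either signal is enough: the class name in the path, or the parameter
    # anywhere (covers the servlet mapped under another path). Parameters sent
    # in a POST body never appear in access logs, so a bare POST to the servlet
    # is still reported; body inspection needs a WAF or the application's log.
    if SERVLET_MARKER not in path and script is None:
        return None
    return Hit(
        ip=m.group("ip"),
        time=m.group("time"),
        method=m.group("method"),
        path=path,
        status=int(m.group("status")),
        script=script,
        spawns_process=bool(script and EXEC_RE.search(script)),
    )


def scan(lines: List[str]) -> List[Hit]:
    """Run the detector over every line and keep the hits, in log order."""
    return [h for h in (analyse_line(line) for line in lines) if h is not None]


# Constructed sample log, not real traffic. The /servlet/ prefix is an assumption.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2025:03:14:07 +0000] "GET /servlet/bsh.servlet.BshServlet?bsh.script=Runtime.getRuntime().exec(%22whoami%22)%3B HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '10.0.8.15 - - [05/Feb/2025:03:14:09 +0000] "GET /login/index.jsp HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Feb/2025:03:14:12 +0000] "GET /servlet/bsh.servlet.BshServlet HTTP/1.1" 200 1320 "-" "curl/8.4.0"',
    '198.51.100.23 - - [05/Feb/2025:03:15:40 +0000] "POST /servlet/bsh.servlet.BshServlet HTTP/1.1" 200 96 "-" "python-requests/2.31"',
    '198.51.100.23 - - [05/Feb/2025:03:15:41 +0000] "GET /servlet/bsh%2Eservlet%2EBshServlet?bsh.script=new+ProcessBuilder(%22sh%22,%22-c%22,%22uname+-a%22).start()%3B HTTP/1.1" 200 210 "-" "python-requests/2.31"',
    '10.0.8.15 - - [05/Feb/2025:03:16:02 +0000] "GET /servlet/report?bsh.script=print(1)%3B HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        flag = "EXEC" if hit.spawns_process else ("probe" if hit.script is None else "script")
        print(f"{hit.time} {hit.ip} {hit.method} {hit.path} [{flag}] {hit.script!r}")
```

On the constructed sample, five of the six lines are reported: two requests that carry a process-spawning script (one of them with the class name percent-encoded in the path), a bare GET probe, a POST whose body cannot be inspected from the access log, and a script parameter sent to an unrelated path. Only the ordinary login request is ignored. Because the decision is made on the path and parameter name rather than on payload content, the detector does not depend on recognising a particular exploit, which is the same reason the mitigation text above prefers blocking the servlet path over signature matching.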


Technical Details

Data Version
5.1
Assigner Short Name
VulnCheck
Date Reserved
2025-04-15T19:15:22.546Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 685a0560dec26fc862d8cf6c

Added to database: 6/24/2025, 1:54:40 AM

Last enriched: 11/24/2025, 10:54:39 PM

Last updated: 1/7/2026, 6:10:28 AM
