CVE-2025-34039: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Yonyou Co., Ltd. UFIDA NC

Critical
Tags: Vulnerability, CVE-2025-34039, CWE-78, CWE-306
Published: Tue Jun 24 2025 (06/24/2025, 01:07:05 UTC)
Source: CVE Database V5
Vendor/Project: Yonyou Co., Ltd.
Product: UFIDA NC

Description

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This can be exploited to run system commands and ultimately gain full control over the target server. The issue is rooted in a third-party JAR component bundled with the application, and the servlet is accessible without authentication on vulnerable installations.

AI-Powered Analysis

Last updated: 06/24/2025, 02:10:33 UTC

Technical Analysis

CVE-2025-34039 is a critical remote code execution vulnerability in Yonyou Co., Ltd.'s UFIDA NC, version 6.5 and prior. The root cause is that the BeanShell testing servlet (bsh.servlet.BshServlet), which ships inside a third-party JAR bundled with the application, is reachable without authentication or any other access control. An unauthenticated remote attacker can submit arbitrary BeanShell (Java) source in the bsh.script parameter, and the servlet evaluates it inside the application server's JVM, with the privileges of the account that runs UFIDA NC.

BeanShell exposes the full Java runtime, so a submitted script can spawn OS commands (for example through the Runtime or ProcessBuilder APIs). That is why the record is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command) alongside CWE-306 (Missing Authentication for Critical Function). Strictly, the injected element is Java code rather than a shell string: no sanitization of the parameter would help, because executing whatever it receives is the servlet's purpose. Removing or blocking the servlet is therefore the only real fix.

The record carries a CVSS 4.0 score of 10.0 (critical), reflecting network reachability, no required authentication or user interaction, and high impact on confidentiality, integrity and availability. No public exploitation in the wild was known at the time of analysis, but the request is trivial to construct, so the window between disclosure and weaponization should be assumed to be short. Every installation on which the servlet is still reachable is affected; the CVE description states that this is the case on vulnerable installations without distinguishing default from customized deployments. Successful exploitation yields arbitrary command execution on the ERP server and, from there, data theft, service disruption, or a pivot into the rest of the organization's network.
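The request shape described above (a hit on the BshServlet class name plus a bsh.script parameter) is easy to alert on. The following detector is an added example written for this page, not code from Yonyou or from the CVE record. It assumes, as the advisory does not give a URL, that the servlet is addressed by a path containing the class name and that the script arrives in a bsh.script query or form parameter; the access-log lines are constructed for the example, and the body="..." field is an assumed extension of the combined log format, since real servers only see POST parameters with request-body logging or a WAF in front.

```python
# Added example: flag access-log requests that reach the BeanShell servlet
# described in CVE-2025-34039. Assumptions (not from the advisory): the servlet
# URL path contains the class name, and the script travels in "bsh.script".
import re
from urllib.parse import parse_qs, unquote, urlsplit

SERVLET_MARKER = "bsh.servlet.BshServlet"   # class name from the advisory; URL prefix is deployment-specific
SCRIPT_PARAM = "bsh.script"                  # parameter named in the advisory

# Java/BeanShell constructs that turn script execution into OS command execution.
EXEC_RE = re.compile(r"Runtime\.getRuntime\(\)\s*\.\s*exec\s*\(|ProcessBuilder|\bexec\s*\(")

# Constructed log format: combined log format plus an optional body="..." field
# for POSTs (assumed for this example so that body parameters are visible).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+'
    r'(?: body="(?P<body>[^"]*)")?'
)

# Constructed sample traffic: one benign request, then a probe, a script, and a
# script that spawns a command. Not real traffic.
LOG_SAMPLE = """\
10.0.0.5 - - [24/Jun/2025:03:12:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120
203.0.113.7 - - [24/Jun/2025:03:12:09 +0000] "GET /servlet/bsh.servlet.BshServlet HTTP/1.1" 200 1834
203.0.113.7 - - [24/Jun/2025:03:12:15 +0000] "GET /servlet/bsh%2Eservlet.BshServlet?bsh.script=print%281%2B1%29%3B HTTP/1.1" 200 210
203.0.113.7 - - [24/Jun/2025:03:12:31 +0000] "POST /servlet/bsh.servlet.BshServlet HTTP/1.1" 200 640 body="bsh.script=Runtime.getRuntime%28%29.exec%28%22id%22%29%3B"
"""


def classify(line: str):
    """Return a finding dict for a line that touches the servlet, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    # Decode the path first so percent-encoded dots (bsh%2Eservlet...) cannot slip past.
    if SERVLET_MARKER not in unquote(target.path):
        return None
    params = parse_qs(target.query)          # parse_qs percent-decodes values
    if m.group("body"):
        params.update(parse_qs(m.group("body")))   # POST parameters, if logged
    script = params.get(SCRIPT_PARAM, [""])[0]
    if not script:
        severity, reason = "medium", "servlet reached without a script (probe or form fetch)"
    elif EXEC_RE.search(script):
        severity, reason = "critical", "bsh.script spawns an OS command"
    else:
        severity, reason = "high", "bsh.script submitted (arbitrary Java code execution)"
    return {
        "ip": m.group("ip"), "ts": m.group("ts"), "method": m.group("method"),
        "status": m.group("status"), "severity": severity, "reason": reason,
        "script": script,
    }


def scan(log_text: str):
    """Run classify() over every line and keep only the findings."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(LOG_SAMPLE):
        print(f'{finding["severity"]:8} {finding["ip"]} {finding["method"]} {finding["reason"]}')
```

Any hit at all is worth an alert: nothing in normal UFIDA NC usage should touch this servlet, so the severity levels only order the response, they do not make a "medium" hit benign. A 200 status on the probe line also tells you the servlet is still exposed and step 1 of the mitigations has not been completed.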

Potential Impact

For European organizations using UFIDA NC, this vulnerability poses a severe risk. UFIDA NC is an enterprise resource planning (ERP) system widely used by large enterprises and government entities, particularly in sectors like manufacturing, finance, and public administration. Exploitation could lead to unauthorized access to sensitive business data, disruption of critical business processes, and potential regulatory non-compliance due to data breaches. The ability to execute arbitrary code remotely without authentication means attackers can deploy ransomware, steal intellectual property, or establish persistent footholds within corporate networks. Given the critical nature of ERP systems in business operations, successful exploitation could cause significant operational downtime and financial losses. Additionally, compromised servers could be leveraged to launch attacks on supply chains or partners, amplifying the impact. The lack of known exploits in the wild does not diminish the urgency, as the vulnerability’s characteristics make it a prime target for attackers once public awareness increases.

Mitigation Recommendations

1. Remove or disable the BeanShell testing servlet (bsh.servlet.BshServlet) on every UFIDA NC installation, production systems first. Confirm the change from an unauthenticated client: the servlet URL must no longer return the BeanShell form or evaluate a script.
2. Where immediate removal is not feasible, block the servlet path at the reverse proxy or firewall so that only administrative hosts, or nobody, can reach it. Normal NC users legitimately reach the same server, so the restriction has to be on the servlet path, not just on the port.
3. Apply strict authentication and authorization to every management or testing interface the application exposes.
4. Monitor web server, reverse proxy and WAF logs for requests whose path contains bsh.servlet.BshServlet or whose query string or POST body carries a bsh.script parameter, and alert on any hit. Legitimate traffic never touches this servlet, so there is no baseline to tune against.
5. Audit every UFIDA NC instance, including test and disaster-recovery environments, for the bundled BeanShell JAR and for any other servlet that is exposed but unnecessary.
6. Obtain the official fix from Yonyou Co., Ltd. and prioritize its deployment.
7. Add WAF rules for the bsh.script parameter and the servlet path, matched after URL decoding, since the parameter can arrive in a POST body or percent-encoded. Treat the WAF as a compensating control only; it does not replace step 1.
8. Brief IT and security teams on this specific threat so that attempts are recognised and handled quickly.
9. Segment the ERP systems from less trusted network zones to limit lateral movement if a server is compromised.
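Step 5 asks for an audit of which deployments actually ship the servlet. Because the class lives in a third-party JAR, and that JAR may itself sit inside a WAR or EAR, a filename search is not enough; the archives have to be opened. The script below is an added example for this page, not Yonyou's tooling: it walks a directory, opens every .jar/.war/.ear/.zip, recurses into nested archives, and reports each one that contains bsh/servlet/BshServlet.class. The sample deployment it builds (archive names, dummy class bytes) is constructed for the example and says nothing about the real product layout.

```python
# Added example: locate archives that bundle bsh.servlet.BshServlet under a
# deployment root, including jars nested inside wars/ears. The sample
# deployment built below is constructed; its file names are placeholders.
import io
import os
import tempfile
import zipfile

TARGET_CLASS = "bsh/servlet/BshServlet.class"   # class named in the advisory
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def _scan_zip(zf: zipfile.ZipFile, label: str, findings: list) -> None:
    """Record `label` if the archive carries the servlet class; recurse into nested archives."""
    for name in zf.namelist():
        if name == TARGET_CLASS:
            findings.append(label)
        elif name.lower().endswith(ARCHIVE_SUFFIXES):
            # Nested archive (e.g. WEB-INF/lib/x.jar inside a war): open it from memory.
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _scan_zip(inner, f"{label}!{name}", findings)
            except zipfile.BadZipFile:
                pass  # not a real zip; keep scanning the rest of the archive


def find_bsh_servlet(root: str) -> list:
    """Return a label for every archive under `root` that bundles bsh.servlet.BshServlet."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in sorted(filenames):
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    _scan_zip(zf, os.path.relpath(path, root), findings)
            except zipfile.BadZipFile:
                pass  # corrupt or mis-named file; not an archive
    return findings


def build_sample_deployment() -> str:
    """Construct a throwaway directory imitating an application with two bundled BeanShell jars."""
    root = tempfile.mkdtemp(prefix="nc-audit-")
    dummy_class = b"\xca\xfe\xba\xbe"  # class-file magic only; not a real class
    # A jar that ships the servlet, nested inside a war under WEB-INF/lib.
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("bsh/Interpreter.class", dummy_class)
        jar.writestr(TARGET_CLASS, dummy_class)
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/lib/beanshell-sample.jar", inner.getvalue())
    # A clean jar that must not be reported.
    with zipfile.ZipFile(os.path.join(root, "clean.jar"), "w") as jar:
        jar.writestr("com/example/Clean.class", dummy_class)
    # A standalone copy of the servlet jar in a subdirectory.
    os.makedirs(os.path.join(root, "ext"))
    with zipfile.ZipFile(os.path.join(root, "ext", "bsh-standalone.jar"), "w") as jar:
        jar.writestr(TARGET_CLASS, dummy_class)
    return root


if __name__ == "__main__":
    root = build_sample_deployment()
    for hit in find_bsh_servlet(root):
        print("BeanShell servlet bundled in:", hit)
```

Point find_bsh_servlet() at the application's installation directory on each host (and at any deployment bundles kept in a repository) rather than relying on one "golden" image; the "!" notation in the labels follows the usual jar-URL convention, so a label like app.war!WEB-INF/lib/x.jar tells you exactly which archive to strip the class from. Finding the class proves the code is present; whether it is reachable still has to be checked with the servlet mapping or a request, as in step 1.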

Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.546Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 685a0560dec26fc862d8cf6c

Added to database: 6/24/2025, 1:54:40 AM

Last enriched: 6/24/2025, 2:10:33 AM

Last updated: 8/13/2025, 12:50:08 AM
