CVE-2025-51744 identifies a security vulnerability in the jishenghua JSH_ERP version 2.3.1, specifically targeting the /user/addUser API endpoint. This endpoint uses the fastjson library for JSON deserialization, which is known to be vulnerable if improperly configured. The vulnerability allows an attacker to send specially crafted JSON payloads that exploit unsafe deserialization, potentially leading to remote code execution (RCE) or unauthorized actions within the ERP system. Fastjson deserialization vulnerabilities typically arise when the library is configured to auto-type or deserialize arbitrary classes without sufficient validation, enabling attackers to instantiate malicious objects. Although no public exploits have been reported, the nature of the vulnerability suggests a high risk if exploited. The ERP system is a critical business application, and compromise could lead to data breaches, manipulation of user accounts, or disruption of business processes. The lack of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed. The vulnerability was reserved in June 2025 and published in November 2025, indicating recent discovery. No patches or mitigations have been officially released at the time of this report, increasing the urgency for organizations to implement interim controls. The vulnerability requires no authentication and can be triggered remotely via the exposed API endpoint, increasing its attack surface. The affected version is 2.3.1, but no other versions are specified, so organizations should verify their software versions. This vulnerability is categorized as a deserialization attack, a common and dangerous class of flaws in Java-based applications using fastjson.

For European organizations, the impact of CVE-2025-51744 could be significant, especially for those relying on jishenghua JSH_ERP 2.3.1 for enterprise resource planning. Successful exploitation could lead to remote code execution, allowing attackers to gain unauthorized access, manipulate sensitive business data, create or modify user accounts, and disrupt operational workflows. This could result in data breaches involving personal or financial information, intellectual property theft, and operational downtime. The ERP system's compromise could also affect supply chain management, manufacturing processes, and financial reporting, leading to regulatory compliance issues under GDPR and other European data protection laws. The vulnerability's remote and unauthenticated nature increases the risk of widespread exploitation, particularly if the ERP system is exposed to the internet or insufficiently segmented within corporate networks. Additionally, the lack of known exploits currently does not preclude future active exploitation, so proactive measures are critical. The impact extends beyond confidentiality to integrity and availability, potentially causing severe business disruption and reputational damage.

European organizations should immediately assess their exposure to jishenghua JSH_ERP 2.3.1 and the /user/addUser endpoint. Specific mitigation steps include: 1) Disable or restrict fastjson auto-type features or deserialization capabilities if configurable, to prevent unsafe object instantiation. 2) Implement strict input validation and sanitization on all JSON inputs to the vulnerable endpoint, rejecting unexpected or suspicious payloads. 3) Apply network segmentation and firewall rules to limit access to the ERP system's API endpoints only to trusted internal networks or VPN users. 4) Monitor logs and network traffic for anomalous requests targeting the /user/addUser endpoint, especially those containing unusual JSON structures. 5) Engage with the vendor or software maintainers to obtain patches or updates addressing this vulnerability as soon as they become available. 6) Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block deserialization attack patterns. 7) Conduct internal security assessments and penetration tests focusing on deserialization vulnerabilities. 8) Educate development and operations teams about the risks of unsafe deserialization and secure coding practices. These measures go beyond generic advice by focusing on configuration hardening, network controls, and proactive detection tailored to this vulnerability.