CVE-2025-67341 is a stored cross-site scripting (XSS) vulnerability identified in jshERP, an enterprise resource planning software, specifically affecting versions 3.5 and earlier. The vulnerability arises because the application allows attackers to upload PDF files that contain embedded XSS payloads. These malicious PDFs are then stored on the server and made accessible through static URLs without adequate access restrictions or content sanitization. When a user accesses such a PDF, the embedded script executes in the context of the victim's browser, potentially compromising session tokens, cookies, or other sensitive information. The attack vector requires the attacker to have the capability to upload files to the system, which may be possible through weak authentication or authorization controls. However, once uploaded, any user who accesses the URL can be affected, increasing the attack surface. The lack of a CVSS score indicates that the vulnerability is newly published and has not yet been fully assessed. No patches or known exploits are currently documented, but the vulnerability poses a significant risk due to the nature of stored XSS and the accessibility of the malicious files. The vulnerability highlights the need for secure file upload handling, including validation and sanitization of file contents and strict access controls on uploaded resources.

For European organizations using jshERP, this vulnerability could lead to significant security breaches. Attackers exploiting this flaw can execute arbitrary scripts in the context of legitimate users, potentially leading to session hijacking, theft of sensitive ERP data, unauthorized transactions, or further network compromise. Given that ERP systems often contain critical business data, financial information, and operational controls, the impact on confidentiality, integrity, and availability could be severe. The static URL access means that any user with the link can be targeted, increasing the risk of widespread exploitation within an organization. Additionally, if attackers gain upload privileges through compromised credentials or insufficient access controls, the threat escalates. The absence of known exploits in the wild currently limits immediate risk, but the vulnerability's presence in widely used ERP software means European enterprises, especially those in manufacturing, logistics, and finance sectors relying on jshERP, must be vigilant.

To mitigate this vulnerability, organizations should implement strict file upload controls, including limiting allowed file types and scanning uploaded files for malicious content. Employing content disarm and reconstruction (CDR) techniques on PDFs can help remove embedded scripts. Access to uploaded files should be restricted via authentication and authorization mechanisms to prevent public or unauthorized access to static URLs. Web application firewalls (WAFs) can be configured to detect and block XSS payloads in PDF files and HTTP requests. Monitoring and logging file upload activities can help detect suspicious behavior. Organizations should prioritize applying official patches or updates from jshERP vendors once available. In the interim, disabling or restricting file upload functionality where feasible can reduce exposure. User education on the risks of clicking unknown or suspicious links within the ERP environment is also recommended.