Zhiyou-Group Zhiyou ERP vulnerabilities
3 known vulnerabilities affecting zhiyou-group/zhiyou_erp.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3
Vulnerabilities
CVE-2025-11140 | P2 | CRITICAL | CVSS 9.8 | ≤ 11.0 | 2025-09-29 | CWE-610
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be
nvd
CVE-2025-11139 | P3 | CRITICAL | CVSS 9.8 | ≤ 11.0 | 2025-09-29 | CWE-22
A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendo
nvd
CVE-2025-9391 | P3 | CRITICAL | CVSS 9.8 | ≤ 11.0 | 2025-08-24 | CWE-74
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor wa
nvd