exploitDog

CVE-2025-25948

Опубликовано: 03 мар. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

Ссылки

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637
Broken Link
https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25948
Broken Link
https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25948
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:academiaerp:student_information_system:eagler-1.0.118:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00121

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-q269-fjx3-x255

CVSS3: 9.1

github

11 месяцев назад

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

EPSS

Процентиль: 32%

0.00121

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-284