Cyber Posture

CVE-2025-1144

Critical

Published: 11 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0035 (57.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.

Security Summary

CVE-2025-1144, published on 2025-02-11, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in the School Affairs System from Quanxun. Classified under CWE-497 (Exposure of Sensitive Information), it enables unauthenticated attackers to access specific pages, exposing database information and plaintext administrator credentials.

Remote unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation grants access to sensitive database contents and administrator credentials in plaintext, resulting in high impacts to confidentiality, integrity, and availability.

Advisories from TWCERT provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-8416-b6cba-2.html and https://www.twcert.org.tw/tw/cp-132-8415-853e0-1.html.

Details

CWE(s)
CWE-497

References