CVE-2025-25948
Published: 03 March 2025
Description
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
Security Summary
CVE-2025-25948 is an incorrect access control vulnerability in the /rest/staffResource/create component of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118. Published on 2025-03-03, it stems from CWE-284 (Improper Access Control) and has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity with no availability disruption.
Unauthenticated attackers (PR:N) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows attackers to create and modify user accounts, including Administrator accounts, potentially granting full unauthorized access to the system and enabling further compromise of sensitive student information or administrative functions.
References point to GitHub repositories containing vulnerability research, including proof-of-concept details at https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25948, https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637, and https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25948. No official vendor advisories or patches are detailed in available information.
Details
- CWE(s)