CVE-2025-25951
Published: 03 March 2025
Description
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.
Security Summary
CVE-2025-25951 is an information disclosure vulnerability (CWE-200) affecting the /rest/cb/executeBasicSearch component in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118. Published on 2025-03-03, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no effect on integrity or availability.
Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows them to access sensitive user information through the affected endpoint.
Vulnerability research details, including potential proof-of-concept information, are available in GitHub repositories such as https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25951, https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638, and https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25951. No official vendor advisories or patches are referenced in available information.
Details
- CWE(s)