CVE-2025-27583

CRITICAL

9.1

Beschreibung

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

CVE Details

CVSS v3.1 Bewertung9.1

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht3/3/2025

Zuletzt geandert6/27/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

serosoft:academia_student_information_system

Schwachen (CWE)

CWE-862

Referenzen

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.