TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-27583

CRITICAL
9.1

Descricao

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

Detalhes CVE

Pontuacao CVSS v3.19.1
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/3/2025
Ultima modificacao6/27/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

serosoft:academia_student_information_system

Fraquezas (CWE)

CWE-862

Referencias

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.