CVE-2025-25952

Published: Mar 3, 2025Modified: Dec 12, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

Affected (1)

Products: Serosoft: Academia Student Information System

1 product

Academia Student Information System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Serosoft Academia Student Information System	Version eagler-1.0.118

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89639

Source: cve@mitre.org

Broken LinkNot Applicable

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25952

Source: cve@mitre.org

Third Party Advisory

https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25952

Source: cve@mitre.org

Timeline

No history available yet.