CVE-2025-25953

Published: Mar 3, 2025Modified: Dec 12, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.

Affected (1)

Products: Serosoft: Academia Student Information System

1 product

Academia Student Information System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Serosoft Academia Student Information System	Version eagler-1.0.118

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (3)

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640

Source: cve@mitre.org

Broken Link

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25953

Source: cve@mitre.org

Third Party Advisory

https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25953

Source: cve@mitre.org

Timeline

No history available yet.