CVE-2025-48373

Name of the Vulnerable Software and Affected Versions Schule versions prior to 1.0.1

Description The issue concerns the Schule open-source school management system software, which relies on client-side JavaScript to redirect users to different panels based on their role. This implementation poses a security risk because it assumes the value of data.role is trustworthy on the client side. Attackers can manipulate JavaScript in the browser and set data.role to any arbitrary value, gaining unauthorized access to restricted areas of the application.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider implementing server-side validation of user roles to prevent unauthorized access. Restrict access to sensitive areas of the application until the update is applied.