CVE-2025-11321

Name of the Vulnerable Software and Affected Versions zhuimengshaonian wisdom-education versions up to 1.0.4

Description A flaw exists in zhuimengshaonian wisdom-education that allows for authorization bypass. This occurs through manipulation of the subjectId argument within an unknown function located in the file src/main/java/com/education/api/controller/student/WrongBookController.java. The attack can be initiated remotely and the exploit is publicly available.

Recommendations Versions prior to 1.0.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.