PT-2025-5884 · Mindskip · Mindskip Xzs-Mysql 学之思开源考试系统

Vastzero · Published 2025-02-06 · Updated 2025-10-10 · CVE-2025-1083

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0

Description

An issue was found in the CORS Handler component that leads to a permissive cross-domain policy with untrusted domains. The attack can be launched remotely, but its complexity is rather high and exploitation appears to be difficult. The issue has been publicly disclosed; the vendor was contacted but did not respond.

Recommendations

For Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0, consider restricting access to the CORS Handler component to minimize the risk of exploitation until a fix is available. As a temporary workaround, review the cross-domain policy and limit it to trusted domains only.
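
The sketch below is an added example of limiting a cross-domain policy to trusted domains; it is not code from xzs-mysql or from this advisory. The advisory does not describe the handler's actual behaviour, so the "permissive" function is an assumed illustration of one common weak pattern, and the hostnames, function names and allowlist are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: exact origins (scheme + host + port) the deployment trusts.
TRUSTED_ORIGINS = frozenset({
    "https://exam.example.test",
    "https://admin.exam.example.test:8443",
})


def permissive_cors_headers(origin):
    """Weak pattern (assumed for illustration): echo any Origin and allow credentials."""
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def normalize_origin(origin):
    """Return 'scheme://host[:port]' in lowercase, or None if not a plain web origin."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # A genuine Origin header never carries userinfo, path, query or fragment.
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None
    host = parts.hostname.lower()
    return f"{parts.scheme}://{host}" if port is None else f"{parts.scheme}://{host}:{port}"


def strict_cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """Hardened pattern: exact allowlist match, otherwise emit no CORS headers."""
    normalized = normalize_origin(origin)
    if normalized is None or normalized not in trusted:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # stop caches serving one origin's response to another
    }
```

Exact matching on the normalized origin avoids the prefix, suffix and substring comparisons that let look-alike hostnames through, and the `null` origin is never trusted.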

Weakness Enumeration

Origin Validation Error

Related Identifiers

CVE-2025-1083

Affected Products

Mindskip Xzs-Mysql 学之思开源考试系统