PT-2025-9238 · Serosoft Solutions Pvt · Serosoft Solutions Pvt Ltd Academia Student Information System (Sis) Eagler
Ralph El Khoury · Published 2025-03-03 · Updated 2025-12-12 · CVE-2025-25948
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118
Description
The issue concerns incorrect access control in the /rest/staffResource/create component, allowing the creation and modification of user accounts, including an Administrator account. This could potentially lead to unauthorized access and privilege escalation.
Recommendations
For version 1.0.118, consider disabling access to the /rest/staffResource/create component until a patch is available to prevent unauthorized account creation and modification. Restricting access to this component can help minimize the risk of exploitation. Additionally, monitor user account activity closely for any signs of unauthorized access or modifications.
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Serosoft Solutions Pvt Ltd Academia Student Information System (Sis) Eagler
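To support the monitoring recommendation above, the following added example (not part of the original advisory or the vendor's code) flags requests to /rest/staffResource/create that come from outside an administrative allowlist. It assumes a reverse proxy in front of the application writing NCSA combined-format access logs; the allowlisted network and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

ENDPOINT = "/rest/staffresource/create"  # path from the advisory, lower-cased
# Assumption: networks from which staff accounts are legitimately managed.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: a proxy in front of the application logs in NCSA combined format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(ip_text):
    """True only if the source parses as an IP inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in ADMIN_NETS)

def review(lines):
    """Return one finding per request to ENDPOINT from outside ADMIN_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        # Decode and lower-case first so %-encoding or case changes still match.
        if not m or ENDPOINT not in unquote(m["target"]).lower():
            continue
        if is_trusted(m["ip"]):
            continue
        status = int(m["status"])
        findings.append({
            "ts": m["ts"], "ip": m["ip"], "method": m["method"], "status": status,
            # 2xx means the request was served: audit accounts changed at that time.
            "outcome": "served" if 200 <= status < 300 else "rejected",
        })
    return findings

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '10.20.0.15 - - [03/Mar/2025:09:12:01 +0000] "POST /rest/staffResource/create HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Mar/2025:09:14:44 +0000] "POST /rest/staffResource/create HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.7 - - [03/Mar/2025:09:15:02 +0000] "POST /rest/staffResource/create HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.9 - - [03/Mar/2025:09:16:10 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A "served" finding from an unexpected source is the case to follow up by comparing its timestamp against staff accounts created or modified around that time.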