CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0849: CampCodes School Management Software Staff edit-staff improper authorization

5.3 CVSS

Description

A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in CampCodes School Management Software 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /edit-staff/ der Komponente Staff Handler. Durch Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-0849

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products

Vendor: CampCodes

Product: School Management Software

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 47.58% (scored less or equal to compared to others)

EPSS Date: 2025-02-28 (when was this score calculated)

References

https://vuldb.com/?id.294012
https://vuldb.com/?ctiid.294012
https://vuldb.com/?submit.487618
https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Sensitive%20Super%20Admin%20Data%20Exposure%20and%20Unauthorized%20Data%20Update%20via%20IDOR%20(Teacher%20Role%20to%20Super%20Admin%20Role).pdf
https://www.campcodes.com/

Timeline

2025-01-31 00:30:21 UTC
CVE

CampCodes School Management Software Staff edit-staff improper authorization