CVE-2025-0625

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0625
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

3.1 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:S/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf Exploit Third Party Advisory
https://vuldb.com/?ctiid.292737 Permissions Required VDB Entry
https://vuldb.com/?id.292737 VDB Entry Third Party Advisory
https://vuldb.com/?submit.484917 Third Party Advisory VDB Entry
https://www.campcodes.com/ Product
https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:campcodes:school_management_software:1.0:*:*:*:*:*:*:*
History

28 Mar 2025, 19:14

Type Values Removed Values Added
CWE NVD-CWE-noinfo
Summary
  • (es) CampCodes School Management Software 1.0 se ha detectado una vulnerabilidad clasificada como problemática. Afecta a una parte desconocida del componente Attachment Handler. La manipulación conduce a un control inadecuado de los identificadores de recursos. Es posible iniciar el ataque de forma remota. La complejidad del ataque es bastante alta. Se dice que la explotación es difícil. El exploit se ha hecho público y puede utilizarse.
First Time Campcodes
Campcodes school Management Software
CPE cpe:2.3:a:campcodes:school_management_software:1.0:*:*:*:*:*:*:*
References () https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf - () https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.292737 - () https://vuldb.com/?ctiid.292737 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.292737 - () https://vuldb.com/?id.292737 - VDB Entry, Third Party Advisory
References () https://vuldb.com/?submit.484917 - () https://vuldb.com/?submit.484917 - Third Party Advisory, VDB Entry
References () https://www.campcodes.com/ - () https://www.campcodes.com/ - Product

22 Jan 2025, 19:15

Type Values Removed Values Added
References () https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf - () https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf -

22 Jan 2025, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-22 02:15

Updated : 2025-03-28 19:14

NVD link : CVE-2025-0625

Mitre link : CVE-2025-0625

CVE.ORG link : CVE-2025-0625

JSON object : View

Products Affected

campcodes

  • school_management_software
CWE
CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

NVD-CWE-noinfo