Cyber Resilience

CVE-2025-25950

Severity: High

Published: 03 March 2025
Modified: 12 December 2025
KEV Added: not listed
Patch: none referenced
CVSS v3.1 Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25950 is a high-severity Improper Access Control (CWE-284) vulnerability in Serosoft Academia Student Information System. Its CVSS base score is 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0013 places it at the 31.5th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-25950 is an incorrect access control vulnerability affecting the /rest/staffResource/update component in Serosoft Solutions Pvt Ltd's Academia Student Information System (SIS) EagleR version 1.0.118. Published on 2025-03-03, the flaw enables unauthorized creation and modification of user accounts, including Administrator accounts, due to improper enforcement of access controls. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and maps to CWE-284 (Improper Access Control).

The vulnerability can be exploited by a low-privileged (PR:L) authenticated user over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N); scope is unchanged (S:U), so the impact stays within the SIS itself. Exploitation allows the attacker to create or modify accounts, including escalating privileges to Administrator level, resulting in high impacts to confidentiality (C:H) and integrity (I:H) without affecting availability (A:N). In practice this means any valid low-privileged SIS login is sufficient: the endpoint acts on the account data submitted in the request without verifying that the caller's role permits the change.
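
The following is an added illustration of the access-control pattern described above, not Serosoft's code and not taken from the linked research: a staff-resource update handler that writes whatever the request submits, beside a hardened version that derives the authorization decision from the caller's session role and an explicit field allow-list (the AC-3/AC-6 controls named on this page). The role names, field names, the User model and the in-memory account store are assumptions made for the example.

```python
"""Added illustration of the CWE-284 pattern behind CVE-2025-25950: an
account-update handler that trusts the request, beside a hardened one that
decides authorization server-side. Not Serosoft's code; role names, field
names, the User model and the in-memory store are assumptions."""
from dataclasses import dataclass
from typing import Any, Dict, Tuple

ROLE_ADMIN = "Administrator"
ROLE_STAFF = "Staff"


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested change."""


@dataclass
class User:
    username: str
    role: str
    email: str = ""


def fresh_store() -> Dict[str, User]:
    """Constructed in-memory account table standing in for the SIS database."""
    return {
        "admin": User("admin", ROLE_ADMIN, "admin@example.edu"),
        "jdoe": User("jdoe", ROLE_STAFF, "jdoe@example.edu"),
    }


def update_staff_vulnerable(store: Dict[str, User], caller: User,
                            payload: Dict[str, Any]) -> User:
    """Mirrors the flaw: any authenticated caller (PR:L) may create or modify
    any account, and every submitted field, including role, is written."""
    username = payload["username"]
    user = store.get(username) or User(username, ROLE_STAFF)
    for key, value in payload.items():
        if key != "username":
            setattr(user, key, value)  # no role check, no field allow-list
    store[username] = user
    return user


ADMIN_ONLY_FIELDS = {"role"}
SELF_EDITABLE_FIELDS = {"email"}


def update_staff_hardened(store: Dict[str, User], caller: User,
                          payload: Dict[str, Any]) -> User:
    """AC-3/AC-6 applied: the decision comes from the caller's session role,
    never from the request body. Creating accounts or touching admin-only
    fields needs Administrator; others may edit only allow-listed fields of
    their own account."""
    username = payload["username"]
    is_admin = caller.role == ROLE_ADMIN
    user = store.get(username)
    if user is None:
        if not is_admin:
            raise Forbidden("account creation requires Administrator")
        user = User(username, ROLE_STAFF)
    if not is_admin:
        if caller.username != username:
            raise Forbidden("non-administrators may only modify their own account")
        blocked = set(payload) - SELF_EDITABLE_FIELDS - {"username"}
        if blocked:
            raise Forbidden(f"fields not permitted for this role: {sorted(blocked)}")
    for key, value in payload.items():
        if key == "username":
            continue
        if key not in SELF_EDITABLE_FIELDS | ADMIN_ONLY_FIELDS:
            raise Forbidden(f"unknown field rejected: {key}")
        setattr(user, key, value)
    store[username] = user
    return user


def escalation_attempt(handler) -> Tuple[str, bool, Dict[str, str]]:
    """Low-privileged 'jdoe' tries (1) to make himself Administrator and
    (2) to create a new Administrator account 'backdoor'. Returns jdoe's
    resulting role, whether 'backdoor' now exists, and the per-request verdict."""
    store = fresh_store()
    caller = store["jdoe"]
    verdicts: Dict[str, str] = {}
    for payload in ({"username": "jdoe", "role": ROLE_ADMIN},
                    {"username": "backdoor", "role": ROLE_ADMIN,
                     "email": "ops@example.net"}):
        try:
            handler(store, caller, payload)
            verdicts[payload["username"]] = "allowed"
        except Forbidden:
            verdicts[payload["username"]] = "denied"
    return store["jdoe"].role, "backdoor" in store, verdicts


if __name__ == "__main__":
    print("vulnerable:", escalation_attempt(update_staff_vulnerable))
    print("hardened:  ", escalation_attempt(update_staff_hardened))
```

Against the vulnerable handler both requests succeed and jdoe ends up as an Administrator with a second Administrator account created; against the hardened handler both are refused while a self-service e-mail change by jdoe and an account creation by admin still go through. The two design points worth carrying over are that the role used for the decision is read from the authenticated session, not from the body, and that writable fields are allow-listed per role rather than blocked one by one.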

Third-party vulnerability research, including potential proof-of-concept material, is published in GitHub repositories such as https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25950, https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89637 (indexed under a different CVE identifier) and https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25950. No vendor advisory or patch is referenced in the available details, so affected deployments should be treated as unpatched until Serosoft states otherwise.

Vulnerability details

Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

CWE(s)

CWE-284 Improper Access Control

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1098 Account Manipulation (tactic: Persistence)
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
T1136 Create Account (tactic: Persistence)
Adversaries may create an account to maintain access to victim systems.
T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Improper access control on the account-management REST endpoint enables unauthorized account creation and modification (T1136/T1098), which yields privilege escalation to Administrator (T1068); because the endpoint is reached over the network, an Internet-exposed SIS instance also makes this an initial-access path once any low-privileged credential is obtained (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
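
An added detection sketch for the T1098/T1136 activity mapped above (not Serosoft's code and not a documented Academia SIS log format): it scans application audit records for calls to /rest/staffResource/update made by a non-Administrator principal that create an account, touch someone else's account, or submit a role field. The JSON field names and the five sample records are constructed for the example; the one property the logic depends on is that actor_role reflects the caller's authenticated session role rather than anything in the request body.

```python
"""Added detection sketch for the T1098/T1136 activity this CVE enables:
scan application audit records for calls to /rest/staffResource/update made
by non-Administrator principals that create accounts, modify someone else's
account or set a role. Not a Serosoft log format; the JSON field names and
the sample records below are constructed for the example."""
import json
from typing import Dict, List, Set

ENDPOINT = "/rest/staffResource/update"
ROLE_ADMIN = "Administrator"

# Constructed sample audit log (one JSON record per line), not real SIS output.
SAMPLE_LOG = """\
{"ts":"2025-03-03T10:01:12Z","actor":"admin","actor_role":"Administrator","method":"POST","path":"/rest/staffResource/update","target":"jdoe","fields":{"email":"j@example.edu"}}
{"ts":"2025-03-03T10:02:40Z","actor":"jdoe","actor_role":"Staff","method":"POST","path":"/rest/staffResource/update","target":"jdoe","fields":{"email":"jd@example.edu"}}
{"ts":"2025-03-03T10:03:05Z","actor":"jdoe","actor_role":"Staff","method":"POST","path":"/rest/staffResource/update","target":"jdoe","fields":{"role":"Administrator"}}
{"ts":"2025-03-03T10:03:50Z","actor":"jdoe","actor_role":"Staff","method":"POST","path":"/rest/staffResource/update","target":"svc_backup","fields":{"role":"Administrator","password":"***"}}
{"ts":"2025-03-03T10:05:00Z","actor":"jdoe","actor_role":"Staff","method":"GET","path":"/rest/staffResource/list","target":null,"fields":{}}
"""

# Accounts that existed before the log window (constructed baseline).
KNOWN_ACCOUNTS: Set[str] = {"admin", "jdoe"}


def detect_account_manipulation(log_text: str, known_accounts: Set[str]) -> List[Dict]:
    """Return one alert per suspicious update call. A call is suspicious when a
    non-Administrator actor (a) targets an account that did not previously
    exist (T1136), (b) targets an account other than its own (T1098), or
    (c) submits a role field at all (privilege escalation, T1068).
    Targets are added to a working copy of known_accounts as they are first
    seen so a later edit of a newly created account is not re-flagged as creation."""
    known = set(known_accounts)
    alerts: List[Dict] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["path"] != ENDPOINT:
            continue
        target = rec["target"]
        reasons: List[str] = []
        if rec["actor_role"] != ROLE_ADMIN:
            if target not in known:
                reasons.append("T1136: account creation by non-Administrator")
            elif target != rec["actor"]:
                reasons.append("T1098: modification of another account by non-Administrator")
            if "role" in rec["fields"]:
                reasons.append(f"T1068: role set to {rec['fields']['role']} by non-Administrator")
        known.add(target)
        if reasons:
            alerts.append({"ts": rec["ts"], "actor": rec["actor"],
                           "target": target, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_account_manipulation(SAMPLE_LOG, KNOWN_ACCOUNTS):
        print(alert["ts"], alert["actor"], "->", alert["target"], "|", "; ".join(alert["reasons"]))
```

On the sample records the admin's edit and jdoe's change to his own e-mail pass silently, while the self-promotion to Administrator and the creation of svc_backup with an Administrator role each raise an alert. A legitimate self-service e-mail change is deliberately not flagged, so the rule keys on who the actor is and what was touched rather than on the endpoint alone.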

CVEs Like This One

CVE-2025-27583 (same product: Serosoft Academia Student Information System)
CVE-2025-25951 (same product: Serosoft Academia Student Information System)
CVE-2024-56898 (shared CWE-284)
CVE-2025-24968 (shared CWE-284)
CVE-2025-29315 (shared CWE-284)
CVE-2025-55261 (shared CWE-284)
CVE-2025-27646 (shared CWE-284)
CVE-2026-21636 (shared CWE-284)
CVE-2025-57130 (shared CWE-284)
CVE-2024-53348 (shared CWE-284)

Affected Assets

Vendor: serosoft
Product: academia student information system
Version: eagler-1.0.118

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Directly enforces approved authorizations to prevent low-privileged users from creating or modifying user accounts, including Administrator accounts, via the vulnerable /rest/staffResource/update endpoint.

AC-2 Account Management (prevent)

Establishes processes for managing account creation, modification, and deletion to ensure only authorized entities can perform these actions, mitigating unauthorized account changes.

AC-6 Least Privilege (prevent)

Enforces least privilege to restrict low-privileged users from accessing or executing high-privilege functions such as account administration, which is the function exploited in this vulnerability.
