CVE-2025-4807
Published: 16 May 2025
Summary
CVE-2025-4807 is a medium-severity Exposure of Information Through Directory Listing (CWE-548) vulnerability in Senior-Walter Online Student Clearance System. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 17.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability classified as problematic has been identified in SourceCodester Online Student Clearance System version 1.0. The issue stems from exposure of information through directory listing, associated with CWE-548, CWE-552, and CWE-22, and can be triggered remotely without authentication by manipulating an unspecified component.
Unauthenticated remote attackers can exploit the flaw to enumerate directory contents and obtain sensitive information about the application's file structure. The CVSS 4.0 score of 6.9 reflects network attack vector, low complexity, and limited confidentiality impact with no integrity or availability effects.
Public references including a GitHub disclosure and Vuldb entries indicate the exploit has been made available, but no vendor advisories or patch details are referenced. The EPSS score remains flat at a low 0.0159 with no observed increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-15554
Vulnerability details
A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The…
more
exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directory traversal and listing vulnerability enables File and Directory Discovery (T1083) by allowing unauthorized access and enumeration of server files and directories, as explicitly mapped in advisories.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Controls on authorized publication limit files and directories with nonpublic data from becoming accessible to external parties.
Detects information exposure through directory listings as unauthorized disclosure.
Controlling and documenting P2P file sharing prevents files and directories from being made accessible to external parties for unauthorized distribution.
Identifying and documenting file and directory locations allows restriction of access to external parties.
Protecting backup files ensures they are not accessible to external parties or unauthorized spheres.
Sanitizing equipment before off-site maintenance reduces the risk of files or directories containing sensitive data becoming accessible to external parties.
Policy restricts media access to authorized parties only, preventing exposure of resources to external or unauthorized actors.
Media access restrictions prevent files or directories from being accessible to external parties.