CVE-2025-25950

Summary

CVE-2025-25950 is a critical access control vulnerability affecting Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118. The flaw, located in the /rest/staffResource/update component, enables unauthorized users to create and modify user accounts, including Administrator accounts, due to insufficient access checks. This vulnerability poses a significant risk, as attackers can leverage it to gain administrative control over the system and potentially steal sensitive data or cause disruption. It is essential that users of the SIS EagleR application update to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.