CVE-2025-25952

Summary

CVE-2025-25952 is a vulnerability affecting Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. This issue involves an Insecure Direct Object Reference (IDOR) in the /getStudentAllDetailsById?studentId=XX component. Attackers can exploit this flaw by crafting API requests to gain unauthorized access to sensitive user information. The impact of this vulnerability is significant, as it puts confidential student data at risk. Unfortunately, this IDOR issue has the potential to allow attackers to bypass access controls and access information they should not have been authorized to see. It is crucial that affected organizations address this vulnerability promptly to prevent potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.