Security Flaw in yungifez Skuul School Management System's Fee Invoice Component
CVE-2025-12918

2.3LOW

Key Information:

Vendor

Yungifez

Status
Skuul School Management System
Vendor
CVE Published:
9 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-12918?

A security issue has been identified in the yungifez Skuul School Management System that affects the View Fee Invoice component. Specifically, the vulnerability arises from an improper control of resource identifiers within an unknown function located in the file /dashboard/fees/fee-invoices/. Manipulation of the 'invoice_id' argument can lead to unauthorized access, allowing remote exploitation. Although the complexity required to exploit this vulnerability is deemed high, the risk remains significant, especially given that the exploit has been publicly disclosed. The vendor has been contacted regarding this issue but has failed to provide any response.

Affected Version(s)

Skuul School Management System 2.6.0

Skuul School Management System 2.6.1

Skuul School Management System 2.6.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-12918 - Proof of Concept

References

https://vuldb.com/?id.331636
vdb-entrytechnical-description
https://vuldb.com/?ctiid.331636
signaturepermissions-required
https://vuldb.com/?submit.680686
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zeeshan Khan (VulDB User)
JSON
.
CVE-2025-12918 : Security Flaw in yungifez Skuul School Management System's Fee Invoice Component