Improper Authorization in ZeroWdd/code-projects StudentManager Product
CVE-2025-3587

8.8HIGH

Key Information:

Vendor: ZeroWdd
Status: StudentManager
Vendor: CVE Published:; 14 April 2025

What is CVE-2025-3587?

A vulnerability has been identified in version 1.0 of ZeroWdd's StudentManager, where improper authorization can occur in the /getTeacherList endpoint. This flaw allows unauthorized users to access sensitive information or perform actions without proper permissions. The vulnerability can be exploited remotely, posing a significant risk to the integrity and confidentiality of the data. It is crucial for users of this product to review their security measures and implement necessary patches to mitigate potential threats.

References

https://github.com/buluorifu/Vulnerability-recurrence/blo...

https://vuldb.com/?ctiid.304642

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2025