Description

Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.

INFO

Published Date :

2025-05-22T20:38:02.463Z

Last Modified :

2025-05-23T13:56:37.894Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48372 vulnerability.

Vendors Products
Schule111
  • Schule School Management System
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48372.

URL Resource
https://github.com/schule111/Schule/commit/cd53abbea93943f2c60a5281d45bebadc57636b7 cve-icon cve-icon
https://github.com/schule111/Schule/security/advisories/GHSA-6c48-67xx-vqgc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact