Ventem｜e-School – Missing Authorization_CVE-2025-8322

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.

Basic Information

ID CVE-2025-8322

Source twcert

Published Jul 30, 2025 at 02:49

Modified Jul 30, 2025 at 13:43

Affected Product

Vendor Ventem

Product e-School

Affected Versions Ventem e-School 0

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.",
    "published": "2025-07-30T02:49:22.021Z",
    "modified": "2025-07-30T13:43:59.436Z",
    "type": "cve",
    "title": "Ventem\uff5ce-School - Missing Authorization",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10304-6b375-1.html\nhttps://www.twcert.org.tw/en/cp-139-10305-2eca0-2.html",
    "id": "CVE-2025-8322",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Ventem e-School 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "e-School",
    "version": "0",
    "vendor": "Ventem",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}