CVE Details
Basic Information
| Title |
CVE-2025-48372 |
| Type |
cve |
| Published |
2025-05-22T21:15:36 |
| Last Seen |
2025-05-22T21:23:09 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
|
| AI Severity |
|
| Vendor |
|
| Product |
|
| Affected Version |
|
Additional Information
| CVE List |
CVE-2025-48372 |
| CWE List |
CWE-521 |
| Bulletin Family |
cve |
Description
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
