CVE-2025-11080

Summary

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Affected Software

VendorProductVersion RangeStatus
zhuimengshaonianwisdom-education1.0.0affected
zhuimengshaonianwisdom-education1.0.1affected
zhuimengshaonianwisdom-education1.0.2affected
zhuimengshaonianwisdom-education1.0.3affected
zhuimengshaonianwisdom-education1.0.4affected

Weaknesses

  • CWE-285: Improper Authorization
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References