CVE-2025-11321

Summary

A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used.

Affected Software

VendorProductVersion RangeStatus
zhuimengshaonianwisdom-education1.0.0affected
zhuimengshaonianwisdom-education1.0.1affected
zhuimengshaonianwisdom-education1.0.2affected
zhuimengshaonianwisdom-education1.0.3affected
zhuimengshaonianwisdom-education1.0.4affected

Weaknesses

  • CWE-639: Authorization Bypass
  • CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References