CVE-2025-8322
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ventem | e-School | 0 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-10304-6b375-1.html
- https://www.twcert.org.tw/en/cp-139-10305-2eca0-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.