CVE-2025-29621

Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://medium.com/@rudranshsinghrajpurohit/content-spoofing-vulnerability-in-rosariosis-student-information-system-f6101e1ff84d
https://www.getastra.com/blog/vulnerability/content-spoofing-vulnerability-in-rosariosis-student-information-system/

Configurations

No configuration.

History

23 Apr 2025, 14:08

Type	Values Removed	Values Added
Summary		(es) Se descubrió que Francois Jacquet RosarioSIS v12.0.0 contenía una vulnerabilidad de suplantación de contenido en la configuración del tema, dentro del módulo Mis preferencias. Esta vulnerabilidad permite a los atacantes manipular la configuración de la aplicación.

22 Apr 2025, 21:15

Type	Values Removed	Values Added
CWE		CWE-290
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3

22 Apr 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-22 19:15

Updated : 2025-04-23 14:08

NVD link : CVE-2025-29621

Mitre link : CVE-2025-29621

CVE.ORG link : CVE-2025-29621

JSON object : View

Products Affected

No product.

CWE

CWE-290

Authentication Bypass by Spoofing

7.3 /10