CVE-2025-48375

Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/schule111/Schule/security/advisories/GHSA-h3f2-mc85-67gc	Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:schule111:schule_school_management_system:1.0.0:*:*:*:*:*:*:*

History

05 Sep 2025, 14:10

Type	Values Removed	Values Added
References	~~() https://github.com/schule111/Schule/security/advisories/GHSA-h3f2-mc85-67gc -~~	() https://github.com/schule111/Schule/security/advisories/GHSA-h3f2-mc85-67gc - Vendor Advisory, Exploit
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Schule111 Schule111 schule School Management System
CPE		cpe:2.3:a:schule111:schule_school_management_system:1.0.0:::::::*

28 May 2025, 14:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-23 16:15

Updated : 2025-09-05 14:10

NVD link : CVE-2025-48375

Mitre link : CVE-2025-48375

CVE.ORG link : CVE-2025-48375

JSON object : View

Products Affected

schule111

schule_school_management_system

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-48375", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-23T16:15:27.113", "references": [{"url": "https://github.com/schule111/Schule/security/advisories/GHSA-h3f2-mc85-67gc", "tags": ["Vendor Advisory", "Exploit"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue."}, {"lang": "es", "value": "Schule es un software de gesti\u00f3n escolar de c\u00f3digo abierto. Antes de la versi\u00f3n 1.0.1, el archivo forgot_password.php (o el endpoint equivalente responsable de la generaci\u00f3n de OTP por correo electr\u00f3nico) carec\u00eda de controles adecuados para limitar la velocidad de respuesta, lo que permit\u00eda a los atacantes abusar de la funcionalidad de solicitud de OTP. Esta vulnerabilidad puede explotarse para enviar un n\u00famero excesivo de correos electr\u00f3nicos de OTP, lo que podr\u00eda generar denegaciones de servicio (DoS) o facilitar el acoso a los usuarios mediante la saturaci\u00f3n de correo electr\u00f3nico. La versi\u00f3n 1.0.1 corrige este problema."}], "lastModified": "2025-09-05T14:10:02.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schule111:schule_school_management_system:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1208E2-66F6-4530-9905-BCD22BD67ECF"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}