{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-3564","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-04-13T22:51:03.018Z","datePublished":"2025-04-14T11:31:05.131Z","dateUpdated":"2025-04-14T13:23:55.873Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-04-14T11:31:05.131Z"},"title":"huanfenz/code-projects StudentManager Teacher String improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"huanfenz","product":"StudentManager","versions":[{"version":"1.0","status":"affected"}],"modules":["Teacher String Handler"]},{"vendor":"code-projects","product":"StudentManager","versions":[{"version":"1.0","status":"affected"}],"modules":["Teacher String Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. This affects an unknown part of the component Teacher String Handler. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in huanfenz/code-projects StudentManager bis 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Teacher String Handler. Durch Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-04-13T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-04-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-04-14T00:56:21.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"77cc (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.304605","name":"VDB-304605 | huanfenz/code-projects StudentManager Teacher String improper authorization","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.304605","name":"VDB-304605 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.549309","name":"Submit #549309 | code-projects StudentManager 1.0 Privilege Escalation","tags":["third-party-advisory"]},{"url":"https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/StudentManager-authority.md","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-14T13:23:43.686960Z","id":"CVE-2025-3564","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-14T13:23:55.873Z"}}]}}