CVE-2025-11661
HIGHoranbyte School Management System - Improper Authentication
Title source: llmDescription
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
https://vuldb.com/?id.328078
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.328078
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.665611
Exploit, Issue Tracking, Mitigation, Third Party Advisory exploit
issue-tracking
https://github.com/qqy-123/cve/issues/6
Scores
CVSS v3
7.3
EPSS
0.0056
EPSS Percentile
42.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
CWE-306
Status
published
Products (1)
oranbyte/school_management_system
1.0
Published
Oct 13, 2025
Tracked Since
Feb 18, 2026