CVE-2025-25949

MEDIUM

Academiaerp Student Information System - XSS

Title source: rule

Description

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.

References (3)

Core 3

Core References

Broken Link

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636

Broken Link

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25949

Exploit, Mitigation, Third Party Advisory

https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25949

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 34.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

academiaerp/student_information_system eagler-1.0.118

Published Mar 03, 2025

Tracked Since Feb 18, 2026