CVE-2025-5522

HIGH

bskms 蓝天幼儿园管理系统 - Auth Bypass

Title source: llm

Description

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Exploits (1)

gitee 50 stars
by jack0240 · javawriteup
https://gitee.com/jack0240/bskms/issues/ICAOOU

References (4)

Scores

CVSS v3 7.3
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-266 CWE-285
Status published
Products (1)
jack0240 魏/bskms 蓝天幼儿园管理系统 dffe6640b5b54d8e29da6f060e0493fea74b3fad
Published Jun 03, 2025
Tracked Since Feb 18, 2026