CVE-2025-8322
HIGHVentem e-School - Missing Authorization for Administrator Functions
Title source: llmDescription
The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10304-6b375-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-10305-2eca0-2.html
Scores
CVSS v3
8.8
EPSS
0.0035
EPSS Percentile
26.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (1)
Ventem/e-School
Published
Jul 30, 2025
Tracked Since
Feb 18, 2026