CVE-2025-13785

4.3 MEDIUM

📋 TL;DR

This vulnerability in yungifez Skuul School Management System allows remote attackers to access sensitive information through improper handling of image files in the user profile component. It affects all installations up to version 2.6.5. The vulnerability enables unauthorized information disclosure without authentication.

💻 Affected Systems

Products:
  • yungifez Skuul School Management System
Versions: Up to and including 2.6.5
Operating Systems: All platforms running the web application
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable component enabled are affected. The Image Handler component in /user/profile is vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive student/teacher personal information, academic records, or system configuration data leading to privacy violations and potential identity theft.

🟠 Likely Case

Unauthorized access to user profile information including names, email addresses, and potentially other personal data stored in the system.

🟢 If Mitigated

Limited exposure of non-critical system information or metadata with proper access controls and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. The vulnerability requires no authentication and can be exploited remotely with simple HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider upgrading to any version above 2.6.5 if available, or implement workarounds.

🔧 Temporary Workarounds

Restrict access to /user/profile endpoint

all

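Block or restrict access to the vulnerable endpoint using a web application firewall or server configuration. The rules below deny every request to the path, so legitimate use of the profile page is blocked as well while they are in place.

# Apache (server or virtual-host context, requires "RewriteEngine On"; in .htaccess the pattern is matched without the leading slash): RewriteRule ^/user/profile.* - [F]
# Nginx: location ~ ^/user/profile { deny all; }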

Disable Image Handler component

all

Temporarily disable the vulnerable image processing functionality

# Modify application configuration to disable image uploads in user profiles

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted IP addresses only
  • Deploy a web application firewall with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the system version is 2.6.5 or earlier. Test by attempting to access /user/profile with crafted image parameters to see if information is disclosed.

Check Version:

Check application version in admin panel or configuration files. Look for version information in /admin or /about pages.

Verify Fix Applied:

Verify version is above 2.6.5 or that workarounds prevent access to /user/profile endpoint and block image manipulation attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /user/profile endpoint
  • Multiple failed or successful requests with image parameters
  • Requests with unusual image file extensions or parameters

Network Indicators:

  • HTTP requests to /user/profile with image-related parameters
  • Unusual outbound data transfers following profile access

SIEM Query:

source="web_server" AND (uri_path="/user/profile" OR uri_path CONTAINS "/user/profile/") AND (param CONTAINS "image" OR param CONTAINS "img" OR file_ext IN ("jpg","png","gif"))
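
The same filter applied directly to web server access logs, for sites without a SIEM. This is an added example, not part of the original advisory or the Skuul project. It assumes common/combined log format; the helper names and sample log lines are constructed for illustration, and the parameter names in the samples are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Request part of a common/combined-format access log line (assumed log format).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
IMAGE_EXTS = (".jpg", ".png", ".gif")   # extensions listed in the SIEM query
IMAGE_KEYS = ("image", "img")           # parameter-name substrings from the SIEM query


def is_suspect(target):
    """True when a request target matches the advisory's SIEM filter."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # Exact endpoint or anything beneath it; "/user/profiles" must not match.
    if path != "/user/profile" and not path.startswith("/user/profile/"):
        return False
    if path.endswith(IMAGE_EXTS):
        return True
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if any(k in key.lower() for k in IMAGE_KEYS) or value.lower().endswith(IMAGE_EXTS):
            return True
    return False


def scan(lines):
    """Return (hits, per-client counts) for log lines matching the filter."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_suspect(m.group("target")):
            hits.append((m.group("ip"), m.group("status"), m.group("target")))
            per_ip[m.group("ip")] += 1
    return hits, per_ip


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Dec/2025:10:00:01 +0000] "GET /user/profile?image=a.png HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Dec/2025:10:00:02 +0000] "GET /user/profile/avatar.jpg HTTP/1.1" 200 2048 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Dec/2025:10:00:03 +0000] "GET /user/profile HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Dec/2025:10:00:04 +0000] "GET /user/profiles?img=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Dec/2025:10:00:05 +0000] "POST /user/profile/?profile_img=x HTTP/1.1" 200 90 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE)
    for ip, status, target in hits:
        print(ip, status, target)
    print(per_ip.most_common())
```

The per-client counts give a quick view of the "unusual access patterns" indicator: a single address producing many matching requests in a short window is worth reviewing alongside the response sizes.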
