CVE-2025-25948

9.1 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to create and modify user accounts, including Administrator accounts, in Serosoft Academia SIS EagleR. It affects systems running version 1.0.118 with the vulnerable REST endpoint exposed. Attackers can gain full administrative control over the student information system.

💻 Affected Systems

Products:
  • Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR
Versions: v1.0.118
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation with the /rest/staffResource/create endpoint accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise where attackers create administrator accounts, access sensitive student data, modify grades, alter financial records, and potentially pivot to other systems.

🟠 Likely Case: Attackers create backdoor administrator accounts to maintain persistent access, exfiltrate sensitive student and institutional data, and potentially deploy ransomware.

🟢 If Mitigated: With proper network segmentation and access controls, impact is limited to the SIS application layer with no lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP POST requests to the vulnerable endpoint with crafted payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Contact Serosoft Solutions for patch information. Monitor their official channels for security updates.

🔧 Temporary Workarounds

Block Vulnerable Endpoint

Platform: all

Use a web application firewall or reverse proxy to block access to /rest/staffResource/create.

# Apache: RewriteRule ^/rest/staffResource/create - [F]
# Nginx: location ~ ^/rest/staffResource/create { return 403; }

Network Segmentation

Platform: linux

Restrict access to the SIS application to authorized networks only.

# Firewall rule example (repeat the same pair for port 443 if the SIS is served over HTTPS):
# iptables -A INPUT -p tcp --dport 80 -s 10.0.0.0/24 -j ACCEPT
# iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit SIS access to authorized IP ranges only
  • Deploy web application firewall with rules to detect and block exploitation attempts
  • Enable detailed logging and monitor for unauthorized account creation activities
  • Implement multi-factor authentication for all administrative accounts

🔍 How to Verify

Check if Vulnerable:

Test whether HTTP POST requests to the /rest/staffResource/create endpoint succeed without authentication.

Check Version:

Check the application version in the admin panel or configuration files.

Verify Fix Applied:

Verify that POST requests to the vulnerable endpoint now require proper authentication and return appropriate error codes

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses from POST /rest/staffResource/create without authentication
  • Unusual account creation events, especially administrator accounts
  • Multiple failed authentication attempts followed by successful account creation

Network Indicators:

  • HTTP POST requests to /rest/staffResource/create from unexpected sources
  • Traffic patterns showing account creation outside normal business hours

SIEM Query:

source="web_logs" AND method="POST" AND uri="/rest/staffResource/create" AND status=200 | stats count by src_ip
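As an added example (not from the advisory or the vendor), the log indicators above run as a standalone detector over constructed JSON log lines; the field names, the 07:00-18:59 business-hours window and the sample events are assumptions.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample events (JSON lines). Field names are assumed for
# illustration and are not taken from EagleR's real log format.
SAMPLE_LOGS = """\
{"ts":"2025-03-01T02:14:07Z","src_ip":"203.0.113.5","method":"POST","uri":"/rest/staffResource/create","status":200,"auth_user":"-"}
{"ts":"2025-03-01T02:14:09Z","src_ip":"203.0.113.5","method":"POST","uri":"/rest/staffResource/create","status":200,"auth_user":"-"}
{"ts":"2025-03-01T09:30:11Z","src_ip":"10.0.0.12","method":"POST","uri":"/rest/staffResource/create","status":200,"auth_user":"registrar"}
{"ts":"2025-03-01T09:31:00Z","src_ip":"10.0.0.12","method":"GET","uri":"/rest/staffResource/list","status":200,"auth_user":"registrar"}
{"ts":"2025-03-01T11:02:45Z","src_ip":"198.51.100.9","method":"POST","uri":"/rest/staffResource/create","status":401,"auth_user":"-"}
{"ts":"2025-03-01T22:40:02Z","src_ip":"10.0.0.40","method":"POST","uri":"/rest/staffResource/create?role=admin","status":200,"auth_user":"hr_admin"}
"""

# Match the endpoint itself, with or without a trailing slash or query string.
VULN_URI = re.compile(r"^/rest/staffResource/create(?:[/?]|$)")
BUSINESS_HOURS = range(7, 19)  # assumed 07:00-18:59 UTC; tune to the institution

def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def is_create_success(ev):
    # A successful POST to the vulnerable endpoint, whoever sent it.
    return (ev.get("method") == "POST"
            and VULN_URI.match(ev.get("uri", "")) is not None
            and ev.get("status") == 200)

def reasons(ev):
    """Return why an event is worth an alert (empty list means benign)."""
    if not is_create_success(ev):
        return []
    out = []
    if ev.get("auth_user", "-") in ("-", "", None):
        out.append("unauthenticated account creation")
    hour = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    if hour not in BUSINESS_HOURS:
        out.append("account creation outside business hours")
    return out

def count_by_source(events):
    """Equivalent of the SIEM query's `stats count by src_ip`, flagged events only."""
    return Counter(ev["src_ip"] for ev in events if reasons(ev))

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_LOGS):
        for why in reasons(ev):
            print(f'{ev["ts"]} {ev["src_ip"]} {ev["auth_user"]}: {why}')
```

An authenticated creation at 22:40 is still reported, because the page's network indicators treat off-hours account creation as suspicious on its own.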
