CVE-2025-5985 – CVE-2025-5985 is an improper authentication vul... (How to Fix)

Q: What is the severity of CVE-2025-5985?

CVE-2025-5985 has a CVSS score of 7.3 (HIGH). CVE-2025-5985 is an improper authentication vulnerability in code-projects School Fees Payment System 1.0 that allows attackers to bypass authentication mechanisms. This critical vulnerability enables remote attackers to gain unauthorized access to the system. All users running version 1.0 of this software are affected.

📋 TL;DR

CVE-2025-5985 is an improper authentication vulnerability in code-projects School Fees Payment System 1.0 that allows attackers to bypass authentication mechanisms. This critical vulnerability enables remote attackers to gain unauthorized access to the system. All users running version 1.0 of this software are affected.

💻 Affected Systems

Products:

code-projects School Fees Payment System

Versions: 1.0

Operating Systems: Any OS running the web application

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 1.0 are vulnerable regardless of configuration.

📦 What is this software?

School Fees Payment System by Fabian

View all CVEs affecting School Fees Payment System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to access sensitive student payment data, modify financial records, or take administrative control of the system.

🟠

Likely Case

Unauthorized access to student payment information, potential data theft, and manipulation of fee records.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and public exploit details are available.

🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details have been publicly disclosed on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to the application using firewall rules to only allow trusted IP addresses.

Web Application Firewall

all

Deploy a WAF with authentication bypass protection rules to block exploitation attempts.

🧯 If You Can't Patch

Isolate the system on a segmented network with strict access controls
Implement multi-factor authentication at the network or proxy layer

🔍 How to Verify

Check if Vulnerable:

Check if you are running code-projects School Fees Payment System version 1.0 by reviewing the application version in the admin panel or configuration files.

Check Version:

Check application configuration files or database version tables for '1.0' version string.

Verify Fix Applied:

Test authentication bypass attempts using the disclosed exploit method to confirm the system remains vulnerable.

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts followed by successful access without valid credentials
Unusual access patterns from unexpected IP addresses

Network Indicators:

HTTP requests attempting known authentication bypass patterns
Traffic to authentication endpoints from unauthorized sources

SIEM Query:

source="web_server" AND (uri="/login" OR uri="/auth") AND status=200 AND user_agent="*exploit*"

📊 Metadata

CVE ID: CVE-2025-5985

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-287

EPSS Score: 0.22% exploit probability (44th percentile)

Published: June 10, 2025

Last Updated: June 17, 2025

🔗 References

https://code-projects.org/ Product
https://github.com/tuooo/CVE/issues/13 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.311900 Permissions Required,VDB Entry
https://vuldb.com/?id.311900 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.592612 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5985, you might also want to check these: