CVE-2025-48372 – Schule One-Time Password Brute-Force Vulnerability

May 22, 2025

CVE ID : CVE-2025-48372

Published : May 22, 2025, 9:15 p.m. | 1 hour, 36 minutes ago

Description : Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48373 – Schule Client-Side Role Hijacking Vulnerability

Next Article CVE-2025-4692 – ABUP Cloud Update Platform JWT Privilege Escalation Vulnerability

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-48372 – Schule One-Time Password Brute-Force Vulnerability

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

Destiny 2: The Edge of Fate reviews open ‘Mixed’ on Steam, with a player count only a fraction of The Final Shape’s — I’m surprised it’s this low after a new expansion

CVE-2024-52900 – IBM Cognos Analytics Stored Cross-Site Scripting Vulnerability

My jaw dropped at this Fallout-themed DOOM mod that reimagines the classic RPG as an FPS — one of the coolest fan games I’ve ever seen

Vinyl Online Casino aus DE starten

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

CVE-2023-45720 – HCL Leap Directory Information Information Disclosure

CVE-2024-48907 – Sematell ReplyOne 7.4.3.0 allows SSRF via the appl

CVE-2025-48372 – Schule One-Time Password Brute-Force Vulnerability

Related Posts