CVE-2025-48375 – Schule Open-Source School Management System OTP Email Flooding Vulnerability

May 23, 2025

CVE ID : CVE-2025-48375

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48376 – DNN External URL Site Export RCE

Next Article CVE-2025-43860 – OpenEMR Stored Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-35978 – UpdateNavi UpdateNaviInstallService Remote Code Execution

June 12, 2025

CVE ID : CVE-2025-35978

Published : June 12, 2025, 6:15 a.m. | 3 hours, 43 minutes ago

Description : Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2025-48375 – Schule Open-Source School Management System OTP Email Flooding Vulnerability

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Get 23% OFF the ‘SteelSeries Arctis Nova Pro Wireless’ headset for Xbox / PC — arguably the best high-end multi-device headset you can get

Font Selection Guidelines

How to Use Notion for Small Businesses in 2025

Polar adds personalized fitness subscription to its smartwatch app, like Garmin’s

CVE-2025-35978 – UpdateNavi UpdateNaviInstallService Remote Code Execution

CVE-2024-8973 – GitLab GitHub Import Denial of Service

CVE-2025-48475 – FreeScout Unrestricted Client Access Vulnerability

10 Best SolarMovie Alternatives to Watch Free Movies in 2025

CVE-2025-48375 – Schule Open-Source School Management System OTP Email Flooding Vulnerability

Related Posts