CVE-2025-48372 – Schule One-Time Password Brute-Force Vulnerability

May 22, 2025

CVE ID : CVE-2025-48372

Published : May 22, 2025, 9:15 p.m. | 1 hour, 36 minutes ago

Description : Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48373 – Schule Client-Side Role Hijacking Vulnerability

Next Article CVE-2025-4692 – ABUP Cloud Update Platform JWT Privilege Escalation Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-48372 – Schule One-Time Password Brute-Force Vulnerability

CVE-2025-49697 – Microsoft Office Heap Buffer Overflow Vulnerability

CVE-2025-49701 – Microsoft Office SharePoint Cross-Site Scripting (XSS)

Filter Model Attributes with Laravel’s New except() Method

CVE-2025-6100 – Realguoshuai Open-Video-CMS SQL Injection Vulnerability

CVE-2025-30010 – SAP SRM Java Applet Cross-Site Scripting (XSS)

Report: Security is no longer the top challenge in cloud native environments

Linux Mint 22.2 si chiamerà “Zara”, LMDE 7 “Gigi”

CVE-2025-6473 – School Fees Payment System Cross-Site Scripting Vulnerability

CVE-2025-5912 – D-Link DIR-632 Remote Stack-Based Buffer Overflow Vulnerability

DistroWatch Weekly, Issue 1124

CVE-2025-48372 – Schule One-Time Password Brute-Force Vulnerability

Related Posts