CVE-2025-5649
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-05

Last updated on: 2025-06-10

Assigner: VulDB

Description
A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-05
Last Modified
2025-06-10
Generated
2026-05-07
AI Q&A
2025-06-05
EPSS Evaluated
2026-05-05
NVD
CVE-2025-5649
EUVD
EUVD-2025-16976
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
razormist student_result_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an improper access control issue in the SourceCodester Student Result Management System 1.0, specifically in the Register Interface component at /admin/core/new_user. It allows unauthorized users to remotely access this endpoint without authentication and create new admin-level accounts, effectively bypassing access restrictions. This means attackers can escalate privileges by registering privileged users without any restrictions. [1, 2]


How can this vulnerability impact me? :

The vulnerability can impact you by allowing unauthorized attackers to gain administrative access to the system remotely without any authentication. This can lead to unauthorized privilege escalation, compromising system integrity and potentially allowing attackers to manipulate or control sensitive data and system functions. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for unauthorized access or creation of admin-level accounts via the endpoint /admin/core/new_user. You can monitor network traffic for POST requests to this endpoint that create new users without authentication. For example, using curl to test the endpoint: curl -X POST http://<target>/admin/core/new_user -d '{"username":"test","password":"test"}' -H 'Content-Type: application/json' and observing if the request succeeds without authentication. Additionally, inspecting web server logs for unexpected POST requests to /admin/core/new_user can help detect exploitation attempts. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the /admin/core/new_user endpoint by implementing proper authentication and access control mechanisms. If possible, disable or remove the vulnerable component. Since no known countermeasures or patches are available, replacing the affected component with an alternative product is recommended to prevent exploitation. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart