CVE-2025-8322
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-07-31
Assigner: TWCERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| feiyu_high-tech | multifunction_smart_campus_platform | * |
| ventem | e-school | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8322 is a Missing Authorization vulnerability in Ventem's e-School platform that allows remote attackers with regular user privileges to access administrator functions without proper authorization. This means an attacker can create, modify, and delete user accounts and escalate any account to system administrator level, effectively gaining full control over the system. [1, 2]
How can this vulnerability impact me?
This vulnerability can have a severe impact by allowing attackers to take over administrator functions remotely. They can manipulate user accounts, including creating, modifying, deleting, and escalating privileges to system administrator level. This compromises the confidentiality, integrity, and availability of the system, potentially leading to unauthorized access, data breaches, and disruption of services. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include contacting Feiyu High-Tech or Ventem to confirm the update status for the affected e-School or Feiyu High-Tech multifunction smart campus platform. Additionally, consider disabling external services and restricting access to the affected system to internal campus network use only to prevent remote exploitation. [1, 2]