216.73.217.86

CVE-2025-11080

· Published 27/09/2025 22:15 · Modified 27/09/2025 22:15

Labels: CVE-2025-11080 2025-09-27CVE-2025-11080CWE-266[email protected]

Essential information

Published
27/09/2025 22:15
Modified
27/09/2025 22:15
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zhuimengshaonian / wisdom-education cpe:2.3:a:zhuimengshaonian:wisdom-education:1.0.0-1.0.4:*:*:*:*:*:*:*

References