cvedb.io
CVE-2025-48372
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2025-05-22T21:15:36.640 · Last modified 2026-06-17T09:29:33.900

Summary

Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.

Affected products

schule111 — schule_school_management_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when schule111 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.