CVE-2025-27583 · CRITICAL 9.1 · EPSS p24.3%

Description

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows the creation and modification of user accounts, including an Administrator account.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.33% probability of exploitation · percentile 24.3% · 2026-06-21T12:00:28Z
Published: 2025-03-03
Last modified: 2025-06-27

Underlying weaknesses · 1

CWE-862

References

  1. https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Missing Authorization (cwe-862) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-25950
  2. CVE-2025-25948
  3. CVE-2025-65594
  4. CVE-2025-8322
  5. CVE-2026-23595
  6. CVE-2025-13241

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.