CVE-2025-50870 · CRITICAL 9.8 · EPSS p26.0%

Description

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% probability of exploitation · percentile 26.0% · 2026-06-19T12:03:05Z
Published: 2025-08-01
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-284

References

  1. https://cwe.mitre.org/data/definitions/284.html
  2. https://gist.github.com/b0mk35h/c4d47b5c4aacecdc8e6c4b02b40ce302

Type: Weakness
Target: Improper Access Control (cwe-284)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-52410
CVE-2025-9837
CVE-2025-10848
CVE-2025-13243
CVE-2025-65594
CVE-2025-60305

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.