Vulnerability Details CVE-2025-22931
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.0%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-22931
-
cpe:2.3:a:os4ed:opensis:7.0
-
cpe:2.3:a:os4ed:opensis:7.1
-
cpe:2.3:a:os4ed:opensis:7.2
-
cpe:2.3:a:os4ed:opensis:7.3
-
cpe:2.3:a:os4ed:opensis:7.4
-
cpe:2.3:a:os4ed:opensis:7.5
-
cpe:2.3:a:os4ed:opensis:7.6
-
cpe:2.3:a:os4ed:opensis:8.0
-
cpe:2.3:a:os4ed:opensis:9.0