Vulnerability Details CVE-2025-48372
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.4%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2025-48372
-
cpe:2.3:a:schule111:schule_school_management_system:1.0.0