CVE-2025-48372
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-48372
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48372.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-48372
- Aliases
-
- GHSA-6c48-67xx-vqgc
- Published
- 2025-05-22T21:15:36Z
- Modified
- 2025-05-23T16:49:34.474970Z
- Summary
- [none]
- Details
-
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
- References