CVE - CVE-2025-48372

CVE-ID
CVE-2025-48372	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/schule111/Schule/commit/cd53abbea93943f2c60a5281d45bebadc57636b7 URL:https://github.com/schule111/Schule/commit/cd53abbea93943f2c60a5281d45bebadc57636b7 MISC:https://github.com/schule111/Schule/security/advisories/GHSA-6c48-67xx-vqgc URL:https://github.com/schule111/Schule/security/advisories/GHSA-6c48-67xx-vqgc
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20250519	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250519)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)