CVE-2025-5649 — Incorrect Privilege Assignment in Student Result Management System

CWE-266 — Incorrect Privilege Assignment CWE-284 — Improper Access Control3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 56.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Student Result Management System Razormist Student Result Management System

Timeline

PublishedJun 5

Description

A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/student_result_management_system1.0

▶NVDrazormist/student_result_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Student Result Management System Register Interface new_user access control↗2025-06-05

▶

GHSA

GHSA-gm9v-2778-r2wp: A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1↗2025-06-05

▶