CVE-2025-11080 MEDIUM

CVE-2025-11080: zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization

Vendor Zhuimengshaonian

Product wisdom-education

Weakness CWE-285

Published September 27, 2025

Last update September 29, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Key dates

Disclosure timeline

September 27, 2025 CVE published

September 29, 2025 Record updated

Identifiers

CVE CVE-2025-11080

CWE CWE-285

CVSS 5.3 / MEDIUM

Affected versions

Vendor Zhuimengshaonian

Product wisdom-education

Affected 1.0.0

Vendor Zhuimengshaonian

Product wisdom-education

Affected 1.0.1

Vendor Zhuimengshaonian

Product wisdom-education

Affected 1.0.2

Vendor Zhuimengshaonian

Product wisdom-education

Affected 1.0.3

Vendor Zhuimengshaonian

Product wisdom-education

Affected 1.0.4