CVE-2025-14206 MEDIUM

CVE-2025-14206: SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization

Vendor Sourcecodester

Product Online Student Clearance System

Weakness CWE-285

Published December 8, 2025

Last update December 8, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

December 8, 2025 CVE published

December 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-14206

Related vulnerabilities

04Related CVE

CVE-2025-4104 Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function CVE-2023-28973 Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions CVE-2025-13576 code-projects Blog Site admin.php improper authorization CVE-2025-0928 Arbitrary executable upload via authenticated endpoint CVE-2023-33189 Incorrect Authorization with specially crafted requests