Vulnerability Description
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even when a secure random number generator is used, the short length and limited range (1000–9999) yield only 9000 possible values. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
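As an added illustration (not Schule's code; the names generate_otp_weak, generate_otp_hardened and OtpVerifier are hypothetical), the following Python contrasts the 9000-value generator described above with a fixed-width, longer OTP whose verifier also enforces expiry, single use and a bounded number of guesses:

```python
import hmac
import secrets
from typing import Optional

# Number of distinct values for an OTP drawn uniformly from [lo, hi] inclusive.
# The pre-1.0.1 generator described in the advisory draws 1000..9999: 9000 values.
def otp_keyspace(lo: int, hi: int) -> int:
    return hi - lo + 1

# Weak form mirroring the advisory: 4 digits, no leading zeros, 9000 values,
# even though the random source itself is cryptographically secure.
def generate_otp_weak() -> str:
    return str(secrets.randbelow(9000) + 1000)

# Hardened form: fixed width with leading zeros kept, so 10**digits values.
def generate_otp_hardened(digits: int = 8) -> str:
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"

class OtpVerifier:
    """Hypothetical helper: tracks issued OTPs and enforces TTL, single use
    and a maximum number of verification attempts per issued code."""

    def __init__(self, ttl_seconds: int = 300, max_attempts: int = 5, digits: int = 8):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.digits = digits
        self._issued = {}  # user -> [otp, expiry_time, attempts_used]

    def issue(self, user: str, now: float) -> str:
        # 'now' is passed explicitly so the behaviour is testable offline.
        otp = generate_otp_hardened(self.digits)
        self._issued[user] = [otp, now + self.ttl, 0]
        return otp

    def verify(self, user: str, candidate: str, now: float) -> bool:
        entry: Optional[list] = self._issued.get(user)
        if entry is None:
            return False
        otp, expires_at, attempts = entry
        if now > expires_at or attempts >= self.max_attempts:
            del self._issued[user]  # expired or guess budget exhausted: code is dead
            return False
        entry[2] += 1
        # Constant-time comparison so a matching prefix does not leak via timing.
        if hmac.compare_digest(otp, candidate):
            del self._issued[user]  # single use
            return True
        return False
```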
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schule111 | Schule School Management System | 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/schule111/Schule/commit/cd53abbea93943f2c60a5281d45bebadc5763 (Patch)
- https://github.com/schule111/Schule/security/advisories/GHSA-6c48-67xx-vqgc (Vendor Advisory)
FAQ
What is CVE-2025-48372?
CVE-2025-48372 is a vulnerability with a CVSS score of 7.3 (HIGH). Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generato...
How severe is CVE-2025-48372?
CVE-2025-48372 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-48372?
Check the references section above for vendor advisories and patch information. Affected products include: Schule111 Schule School Management System.