VYPR
High severity7.3NVD Advisory· Published May 22, 2025· Updated Jun 17, 2026

CVE-2025-48372

CVE-2025-48372

Description

Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Schule/Schulellm-fuzzy
    Range: <1.0.1
  • schule111/Schulev5
    Range: < 1.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.