Medium severity5.3NVD Advisory· Published May 23, 2025· Updated Jun 17, 2026
CVE-2025-48375
CVE-2025-48375
Description
Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- schule111/Schulev5Range: < 1.0.1
Patches
Vulnerability mechanics
References
1- github.com/schule111/Schule/security/advisories/GHSA-h3f2-mc85-67gcnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.