VYPR
Medium severity5.3NVD Advisory· Published May 23, 2025· Updated Jun 17, 2026

CVE-2025-48375

CVE-2025-48375

Description

Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Schule/Schulellm-fuzzy
    Range: <1.0.1
  • schule111/Schulev5
    Range: < 1.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.