Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Dec 8, 2025

CVE-2025-61148

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.

Affected products

EduplusCampus/EduplusCampusdescription
EduplusCampus/EduplusCampusllm-create
Range: = 3.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/1BRZRurbl7TY6KU4uaelAUn7L9Cn6XfjC/viewmitre
medium.com/@Charon19d/how-i-hacked-all-universities-in-my-city-d6b8e320455cmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000