CVE-2025-25948: n/a
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to create and modify user accounts, including an Administrator account.
AI Analysis
Technical Summary
CVE-2025-25948 is a critical security vulnerability identified in the Academia Student Information System (SIS) EagleR version 1.0.118 developed by Serosoft Solutions Pvt Ltd. The vulnerability arises from incorrect access control in the REST API endpoint /rest/staffResource/create. This endpoint is responsible for creating and modifying user accounts within the system, including those with Administrator privileges. Due to improper access control, the endpoint does not enforce authentication or authorization, allowing any unauthenticated attacker to invoke it remotely over the network. This results in the ability to create new user accounts or modify existing ones, effectively granting attackers administrative control over the SIS platform. The vulnerability is classified under CWE-284 (Improper Access Control) and has a CVSS v3.1 base score of 9.1, indicating a critical severity level. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects confidentiality and integrity with high impact (C:H/I:H/A:N). Although no public exploits have been reported yet, the vulnerability’s characteristics make it highly exploitable. The SIS platform typically manages sensitive student and staff data, so exploitation could lead to unauthorized data access, manipulation, and disruption of educational operations. The lack of available patches or mitigations at the time of disclosure increases the urgency for organizations to implement compensating controls.
Potential Impact
For European organizations, particularly educational institutions using the Academia SIS EagleR platform, this vulnerability poses a severe risk. Exploitation could lead to unauthorized creation and modification of user accounts, including administrators, resulting in full system compromise. This can cause significant breaches of sensitive personal data of students and staff, violating GDPR and other data protection regulations. The integrity of academic records and operational continuity could be compromised, potentially disrupting educational services. Additionally, attackers could use the compromised system as a foothold for lateral movement within institutional networks, escalating the threat to broader IT infrastructure. The reputational damage and regulatory penalties following a breach could be substantial. Given the critical nature of the vulnerability and the lack of authentication requirements, the threat is immediate and widespread for any organization running the affected SIS version.
Mitigation Recommendations
1. Immediately restrict network access to the /rest/staffResource/create endpoint using firewall rules or network segmentation to limit exposure only to trusted administrative networks.
2. Implement strong authentication and authorization mechanisms on the vulnerable endpoint to ensure only authorized personnel can create or modify user accounts.
3. Monitor system logs and audit trails for any unusual account creation or modification activities, especially for new administrator accounts.
4. If possible, disable or remove the vulnerable API endpoint until a vendor patch is available.
5. Engage with Serosoft Solutions Pvt Ltd to obtain official patches or updates addressing this vulnerability.
6. Conduct a thorough review of all user accounts and permissions to detect and remediate any unauthorized changes.
7. Educate IT staff and administrators about this vulnerability and ensure incident response plans are updated to handle potential exploitation.
8. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block exploit attempts targeting this endpoint.
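As an added example (not part of this advisory or of the vendor's product), a small Python audit that applies recommendations 1 and 3 to reverse-proxy access logs: it flags every request to /rest/staffResource/create and ranks hits from outside an assumed trusted admin subnet highest. The combined log format, the 10.10.0.0/24 subnet and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from typing import Dict, Iterable, List

# Endpoint named in the advisory; until a vendor patch exists every call to it deserves a look.
SENSITIVE_PATH = "/rest/staffResource/create"

# Assumed trusted administrative network (placeholder; set this to your own admin subnet).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Apache/nginx "combined" access log format, as written by a reverse proxy in front of the SIS.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one legitimate admin call, two calls from outside the admin
# network (one of them answered with 200), and one unrelated request.
SAMPLE_LOG = """\
10.10.0.5 - - [12/Dec/2025:15:01:02 +0000] "POST /rest/staffResource/create HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.42 - - [12/Dec/2025:15:03:44 +0000] "POST /rest/staffResource/create HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.42 - - [12/Dec/2025:15:03:50 +0000] "GET /login HTTP/1.1" 200 8812 "-" "python-requests/2.31"
198.51.100.9 - - [12/Dec/2025:15:04:10 +0000] "POST /rest/staffResource/create?x=1 HTTP/1.1" 403 0 "-" "curl/8.4.0"
"""


def audit_line(line: str) -> Dict[str, str]:
    """Return an alert for a hit on the vulnerable endpoint, or {} for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return {}  # not in combined format; skipped rather than scored
    rec = m.groupdict()
    if rec["path"].split("?", 1)[0] != SENSITIVE_PATH:  # compare without the query string
        return {}
    trusted = any(ipaddress.ip_address(rec["ip"]) in net for net in TRUSTED_ADMIN_NETS)
    if trusted:
        severity = "info"      # expected admin use; still feeds the account review (step 6)
    elif rec["status"].startswith("2"):
        severity = "critical"  # the endpoint answered an untrusted caller: review accounts now
    else:
        severity = "high"      # blocked or failed attempt from outside the admin network
    return {"ts": rec["ts"], "ip": rec["ip"], "status": rec["status"], "severity": severity}


def audit_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run audit_line over a whole log and keep only the alerts, in log order."""
    return [alert for alert in (audit_line(line) for line in lines) if alert]
```

Run `audit_log(open("access.log"))` against a real proxy log; any "critical" entry means the unauthenticated endpoint returned success to a caller outside the admin network and the account review in step 6 should start immediately.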
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-02-07T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 693c347d2e981ee9614b5ba0
Added to database: 12/12/2025, 3:27:57 PM
Last enriched: 12/12/2025, 3:35:04 PM
Last updated: 12/12/2025, 11:19:20 PM