
CVE-2025-70147: n/a

Severity: High
Published: Wed Feb 18 2026 (02/18/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.

AI-Powered Analysis

Last updated: 02/19/2026, 12:05:38 UTC

Technical Analysis

CVE-2025-70147 describes a high-severity (CVSS v3.1 base score 7.5) missing-authentication flaw in ProjectWorlds Online Time Table Generator 1.0. Two administrative scripts, /admin/student.php and /admin/teacher.php, serve their content to any HTTP GET request, whether or not the request carries a valid session. An unauthenticated remote attacker can therefore fetch the pages directly and read whatever they render, which according to the advisory includes plaintext password field values for the listed accounts.

The root cause is an access-control omission on the server side: the scripts never verify that the caller is logged in before producing output (CWE-306, missing authentication for a critical function, and CWE-862, missing authorization). No credentials, user interaction or special tooling are needed; a browser or a plain HTTP client issuing the GET request is enough.

The CVSS vector components are network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), high confidentiality impact (C:H), and no direct integrity or availability impact (I:N/A:N). That last point should be read narrowly: the disclosed passwords can be reused to log in as the affected users or administrators, so integrity and availability are exposed indirectly through credential theft and follow-on access.

No public exploit had been reported and no vendor patch was available at publication. All deployments of version 1.0 are affected; the software is typically used by schools and similar institutions for timetable management, so administrators should apply mitigations immediately rather than wait for a fix.
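The check a practitioner would run first is simply the request the advisory describes: a GET to each endpoint with no session cookie, classifying the answer as exposed (200 with account data) or protected (redirect to login, 401 or 403). The following PHP CLI script is an added example, not code from the advisory or the ProjectWorlds project; the base URL is an assumption taken from the command line (defaulting to a constructed http://localhost/timetable), and the "password" substring match is a heuristic for the record listing the advisory describes. Run it only against systems you are authorized to test.

```php
<?php
// Added example, not part of the advisory or the ProjectWorlds project:
// a read-only probe that checks whether the two endpoints named in
// CVE-2025-70147 answer a GET that carries no session cookie.
// Usage: php probe_cve_2025_70147.php http://host/timetable
declare(strict_types=1);

const VULN_ENDPOINTS = ['/admin/student.php', '/admin/teacher.php'];

// Fetch $url with no Cookie header and without following redirects; return
// the status code, any Location header and the body, or null on no response.
function fetch_without_session(string $url): ?array
{
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'header'          => "Accept: text/html\r\n", // deliberately no Cookie:
        'follow_location' => 0,    // a redirect to login is the healthy answer
        'ignore_errors'   => true, // keep the body on 4xx/5xx as well
        'timeout'         => 10,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        return null; // connection refused, DNS failure, timeout
    }
    $status = 0;
    $location = null;
    foreach ($http_response_header as $h) { // populated by the http wrapper
        if (preg_match('#^HTTP/\S+\s+(\d{3})#', $h, $m)) {
            $status = (int) $m[1];
        } elseif (stripos($h, 'Location:') === 0) {
            $location = trim(substr($h, strlen('Location:')));
        }
    }
    return ['status' => $status, 'location' => $location, 'body' => $body];
}

// Classify one response. A 200 whose body mentions "password" matches the
// listing the advisory describes; anything else served as 200 still needs
// a manual look, because the page may simply use a different label.
function classify(?array $r): string
{
    if ($r === null) {
        return 'no response';
    }
    if (in_array($r['status'], [301, 302, 303, 307, 308], true)) {
        return sprintf('protected (redirected to %s)', $r['location'] ?? '?');
    }
    if (in_array($r['status'], [401, 403], true)) {
        return "protected (HTTP {$r['status']})";
    }
    if ($r['status'] === 200) {
        return stripos($r['body'], 'password') !== false
            ? 'EXPOSED: 200 without a session and the body mentions password'
            : 'served 200 without a session: review the body manually';
    }
    return "unexpected HTTP {$r['status']}";
}

// Constructed default target; override with the first CLI argument.
$base = rtrim($argv[1] ?? 'http://localhost/timetable', '/');
foreach (VULN_ENDPOINTS as $path) {
    $url = $base . $path;
    printf("%-45s %s\n", $url, classify(fetch_without_session($url)));
}
```

Redirects are deliberately not followed: on a correctly guarded install the interesting fact is the 302 to the login page itself, and following it would turn every result into a 200 for the login form. For an https:// target PHP's openssl extension must be enabled for the http wrapper to work.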

Potential Impact

For European organizations, in particular schools, universities and other public-sector bodies running ProjectWorlds Online Time Table Generator 1.0, the immediate consequence is unauthorized disclosure of student and teacher records, including plaintext passwords. Harvested credentials can then be used to log in to the application's administrative functions and, where the same passwords are reused elsewhere, to reach other systems. So although the CVSS vector scores integrity and availability as unaffected, both are at risk indirectly once an attacker holds valid credentials.

Because the data concerns identifiable students and staff, exposure is likely to constitute a personal-data breach under the GDPR, with the notification duties, regulatory exposure and reputational damage that follow. The attack needs no authentication or user interaction, so it is trivially automated: an Internet-facing instance can be found and scraped at scale. The absence of known in-the-wild exploitation at publication is a window for proactive mitigation, not a reason to defer it.

Mitigation Recommendations

1. Enforce authentication on /admin/student.php and /admin/teacher.php: every admin script must verify a valid authenticated session before emitting any output, and redirect to the login page or return 401/403 otherwise.
2. Where feasible, restrict the /admin/ path to trusted source addresses (web-server allow-list) or VPN-only access, so the endpoints are not reachable from the open Internet even before the code fix lands.
3. Audit every other script under /admin/ for the same omission; a check missing from two pages suggests it was never centralized, so the remaining pages may be affected too.
4. Stop storing and displaying plaintext passwords: keep only salted hashes (for example PHP's password_hash()), remove the password column from the student and teacher listings, and serve the application over TLS.
5. Monitor web-server access logs for requests to these two paths that return 200 without a preceding login or session cookie, and for repeated requests to them from a single source, which indicates mass harvesting.
6. Ask the vendor for a fix or patch the application yourself; no official fix was available at publication.
7. If the endpoints were reachable from untrusted networks, assume the passwords they displayed are compromised: reset them, and brief administrators and users on the signs of account misuse.
8. As an interim measure, disable the vulnerable endpoints or block them at the web server until a fix is in place.
9. Require multi-factor authentication for administrative logins so a harvested password alone is not enough.
10. Keep an inventory of deployed applications and versions so vulnerable instances can be found quickly, and apply updates as they become available.
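Items 1 and 4 above amount to a short PHP include. The following guard is an added example written for this page, not code from the ProjectWorlds project: it assumes the login page lives at /admin/login.php, that the authenticated administrator's id is kept under $_SESSION['admin_id'], and that stored passwords are password_hash() digests. Each admin page starts with `require_once __DIR__ . '/auth_guard.php'; require_admin_session();` before any HTML; the login page requires the same file but calls only admin_login().

```php
<?php
// Added example, not code from ProjectWorlds Online Time Table Generator.
// admin/auth_guard.php: included as the first statement of every /admin/
// page. Assumed (constructed for this example): login page at
// /admin/login.php, session key 'admin_id', password_hash() digests in the
// database. Adapt the three to the real application.
declare(strict_types=1);

// Start the session once, with cookie flags that keep it off page scripts
// and off plaintext connections when TLS is in use.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Deny-by-default gate: a request without an authenticated session is sent
// to the login page before a single byte of student or teacher data is
// emitted. The exit is essential; header() alone does not stop the script.
function require_admin_session(string $loginUrl = '/admin/login.php'): void
{
    start_secure_session();
    if (empty($_SESSION['admin_id'])) {
        header('Cache-Control: no-store');
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
}

// Login helper for admin/login.php: checks the submitted password against a
// password_hash() digest and rotates the session id on success so an id
// handed out before login cannot be fixated by an attacker.
function admin_login(int $adminId, string $submittedPassword, string $storedHash): bool
{
    start_secure_session();
    if (!password_verify($submittedPassword, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['admin_id'] = $adminId;
    return true;
}

// Companion for the data-storage fix: call this when creating or updating an
// account so only the digest ever reaches the database.
function hash_password_for_storage(string $plaintext): string
{
    return password_hash($plaintext, PASSWORD_DEFAULT);
}
```

Once passwords are stored as digests there is nothing meaningful left to show in the student and teacher listings, so the password column should be dropped from those pages rather than merely hidden. The guard must run before any output: PHP cannot send the Location header once the page has started printing, and the data would go out regardless.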


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2026-01-09T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6996fb478fb9188dea8c0331

Added to database: 2/19/2026, 12:00:07 PM

Last enriched: 2/19/2026, 12:05:38 PM

Last updated: 2/21/2026, 12:16:51 AM
