tsuretettee/cve-2025-65594

Releases0

My writeup on the incorrect access control vulnerability in OpenSIS.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65594 ↗	Dec 9, 2025Tuesday, 9 December 2025, 18:16	8.1 HIGH	—
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users.