Serosoft Academia Student Information System — known CVE vulnerabilities
Every CVE whose affected-product data names Serosoft Academia Student Information System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-27583 — CVSS 9.1 (critical): Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student…
CVE-2025-25950 — CVSS 8.1 (high): Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System…
CVE-2025-25951 — CVSS 7.5 (high): An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student…
CVE-2025-25953 — CVSS 6.5 (medium): Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token…
CVE-2025-25952 — CVSS 6.5 (medium): An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia…
CVE-2025-27584 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118…
CVE-2025-27585 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118…