CVE-2025-31338

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.

CVSS

No CVSS.

References

Link	Resource
https://zuso.ai/advisory/za-2025-01

Configurations

No configuration.

History

No history.

Information

Published : 2025-04-17 03:15

Updated : 2025-04-17 20:21

NVD link : CVE-2025-31338

Mitre link : CVE-2025-31338

CVE.ORG link : CVE-2025-31338

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-31338", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ART@zuso.ai", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-17T03:15:15.767", "references": [{"url": "https://zuso.ai/advisory/za-2025-01", "source": "ART@zuso.ai"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ART@zuso.ai", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n faltante en la funci\u00f3n de recuperaci\u00f3n de informaci\u00f3n del profesor de Wisdom Master Pro versiones 5.0 a 5.2 permite a atacantes remotos obtener datos parciales del usuario accediendo a la funcionalidad de la API."}], "lastModified": "2025-04-17T20:21:48.243", "sourceIdentifier": "ART@zuso.ai"}

CVE-2025-31338

JSON object

Attach tags to CVE-2025-31338

Attach tags to `CVE-2025-31338`