CVE-2025-3849

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-620
View all →

Vulnerability Description

A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2023-4381

MEDIUM
CVSS:4.3(Medium)

Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CWE-6202023

CVE-2023-5844

MEDIUM
CVSS:4.3(Medium)

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

CWE-6202023

CVE-2025-3793

MEDIUM
CVSS:4.2(Medium)

The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password t...

CWE-6202025

CVE-2025-47938

LOW
CVSS:3.8(Low)

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend use...

CWE-6202025

CVE-2021-34786

MEDIUM
CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected s...

CWE-6202021

CVE-2022-2930

MEDIUM
CVSS:5.3(Medium)

Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.

CWE-6202022