{"id":63593,"date":"2025-05-23T21:32:02","date_gmt":"2025-05-23T18:02:02","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-48375-schule-open-source-school-management-system-otp-email-flooding-vulnerability\/"},"modified":"2025-05-23T21:32:02","modified_gmt":"2025-05-23T18:02:02","slug":"cve-2025-48375-schule-open-source-school-management-system-otp-email-flooding-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-48375-schule-open-source-school-management-system-otp-email-flooding-vulnerability\/","title":{"rendered":"CVE-2025-48375 &#8211; Schule Open-Source School Management System OTP Email Flooding Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-48375<br \/>\n<br \/>\n<strong>Published : <\/strong> May 23, 2025, 4:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-48375 Published : May 23, 2025, 4:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago Description : Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-63593","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/63593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=63593"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/63593\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=63593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=63593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=63593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}