Is there a public PoC exploit available for CVE-2025-5985?

Yes, a public proof-of-concept exploit is available for CVE-2025-5985. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-5985?

Within 24 hours: Isolate affected School Fees Payment System instances from direct internet access and disable remote authentication if possible. Within 7 days: Implement network segmentation, deploy WAF rules to block suspicious authentication requests, and enable enhanced logging/monitoring on authentication attempts. Within 30 days: Evaluate alternative payment processing solutions, apply vendor patch immediately upon release, conduct forensic audit for unauthorized access, and implement multi-factor authentication where feasible.

CVE-2025-5985

Q: What is the CVSS score of CVE-2025-5985?

CVE-2025-5985 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2025-18068 MEDIUM

Improper Authentication (CWE-287)

2025-06-10 cna@vuldb.com

Authentication Bypass

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

HIGH MEDIUM

CVSS changed

Apr 29, 2026 - 01:11 NVD

7.3 (HIGH) 5.5 (MEDIUM)

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-18068

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

PoC Detected

Jun 17, 2025 - 20:34 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 23:15 nvd

HIGH 7.3

DescriptionCVE.org

A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical improper authentication vulnerability in code-projects School Fees Payment System version 1.0 that allows unauthenticated remote attackers to bypass authentication controls and gain unauthorized access to the system. The vulnerability has been publicly disclosed with proof-of-concept exploitation details available, making it an active threat with high likelihood of real-world exploitation against educational institutions and payment processing systems.

Technical ContextAI

This vulnerability stems from a CWE-287 (Improper Authentication) flaw in the School Fees Payment System, indicating a fundamental weakness in how the application validates user credentials or session tokens. The root cause likely involves inadequate or missing authentication checks in one or more API endpoints or functional modules responsible for user access control. Given the context of a school fees payment system, the vulnerability probably affects authentication mechanisms protecting sensitive functions such as payment processing, student record access, or administrative dashboards. The 'unknown functionality' designation suggests the exact vulnerable code path has not been fully disclosed, but the authentication bypass enables complete circumvention of access controls.

CVE-2025-5985 vulnerability details – vuln.today

Back