CVE-2025-25617 PoC — Unifiedtransform 访问控制错误漏洞

Source

https://github.com/armaansidana2003/CVE-2025-25617

Associated Vulnerability

Title:Unifiedtransform 访问控制错误漏洞 (CVE-2025-25617)
Description:Unifiedtransform是Sourceforge开源的一款开源的学校管理软件。可对学校运营进行全面高效的管理。 Unifiedtransform 2.X存在安全漏洞，该漏洞源于访问控制不当，可能导致权限提升。

Readme

# CVE-2025-25617

Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing teachers to create syllabus entries — a role intended only for administrators.  

Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)  

---

## PoC

**Step 1:** Log in to the application as a Teacher.  

**Step 2:** Browse to the following endpoint:  
/syllabus/create

**Step 3:** Fill in the required fields and click on save.  

**Impact:** Teachers gaining the ability to create syllabus entries can disrupt the academic workflow, as this functionality should be restricted to administrators only. This can lead to unauthorized and potentially incorrect syllabus data being added, creating confusion and mismanagement.  

---

**Vulnerability Type:** Incorrect Access Control  
**Attack Type:** Remote  
**Impact:** Escalation of Privileges  
**Attack Vectors:** Broken Access Control allows teachers to create syllabus entries without proper authorization.  

**Discoverer:** Armaan Sidana  

**References:**  
- [Unifiedtransform Official Site](http://unifiedtransform.com)  
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)

File Snapshot


 [4.0K]  /data/pocs/95b3fe10a61832ebe3fd5f2edac69c5743a1f4c2
└── [1.2K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!