EUVD-2025-38446

🗓️ 09 Nov 2025 09:30:15Reported by EUVDType

Security flaw in Yungifez Skuul School Management System up to 2.6.5 allows exploiting invoice_id to control resource identifiers on the fee invoices page.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-12918	9 Nov 202509:21	–	circl
CNNVD	Skuul school management system 安全漏洞	9 Nov 202500:00	–	cnnvd
CVE	CVE-2025-12918	9 Nov 202508:02	–	cve
Cvelist	CVE-2025-12918 yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection	9 Nov 202508:02	–	cvelist
Github Security Blog	Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice	9 Nov 202509:30	–	github
NVD	CVE-2025-12918	9 Nov 202508:15	–	nvd
OSV	GHSA-FQQ7-H225-8W6H Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice	9 Nov 202509:30	–	osv
Positive Technologies	PT-2025-45577	9 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12918	10 Nov 202512:22	–	redhatcve
Snyk	Resource Injection	9 Nov 202508:39	–	snyk

[
  {
    "enisaIdVendor": [
      {
        "id": "78e46090-1b5b-3ddf-9668-4fd7b5c664fe",
        "vendor": {
          "name": "yungifez"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3a69b6b6-bec8-339f-9b69-9ad98e52cc56",
        "product": {
          "name": "Skuul School Management System"
        },
        "product_version": "2.6.2"
      },
      {
        "id": "66f6c88d-5a4e-39ee-9342-4fc13f4e62a8",
        "product": {
          "name": "Skuul School Management System"
        },
        "product_version": "2.6.4"
      },
      {
        "id": "9da0e9cc-cbbf-3db0-bc09-0ed9af2b46c5",
        "product": {
          "name": "Skuul School Management System"
        },
        "product_version": "2.6.1"
      },
      {
        "id": "b3f8003f-75d3-3cd6-be29-e559f81cc815",
        "product": {
          "name": "Skuul School Management System"
        },
        "product_version": "2.6.3"
      },
      {
        "id": "bad73d0a-97db-3363-80df-7bd7af4b0fb4",
        "product": {
          "name": "Skuul School Management System"
        },
        "product_version": "2.6.5"
      },
      {
        "id": "bc30460a-a5d3-3b13-856c-ab4e71eb0993",
        "product": {
          "name": "Skuul School Management System"
        },
        "product_version": "2.6.0"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
gist	www.gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041
gist	www.gist.github.com/thezeekhan/fbfa9a7dbc0b0b81fd868ee166839041
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-12918

09 Nov 2025 09:30Current

5.9Medium risk

Vulners AI Score5.9

CVSS 42.3

CVSS 22.1

CVSS 3.13.1

CVSS 33.1

EPSS0.00036