serosoft CVE Vulnerabilities & Metrics

Focus on serosoft vulnerabilities and metrics.

Last updated: 29 Jun 2025, 22:25 UTC

About serosoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with serosoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total serosoft CVEs: 7
Earliest CVE date: 03 Mar 2025, 01:15 UTC
Latest CVE date: 03 Mar 2025, 01:15 UTC

Latest CVE reference: CVE-2025-27585

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 7

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical serosoft CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS serosoft CVEs

These are the five CVEs with the highest CVSS scores for serosoft, sorted by severity first and recency.

CVE-2025-27585 serosoft Published on 03 Mar 2025, 01:15 UTC (CVSS: 0)
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.
CVE-2025-27584 serosoft Published on 03 Mar 2025, 01:15 UTC (CVSS: 0)
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update.
CVE-2025-27583 serosoft Published on 03 Mar 2025, 01:15 UTC (CVSS: 0)
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
CVE-2025-25953 serosoft Published on 03 Mar 2025, 01:15 UTC (CVSS: 0)
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.
CVE-2025-25952 serosoft Published on 03 Mar 2025, 01:15 UTC (CVSS: 0)
An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

All CVEs for serosoft

CVE-2025-27585 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.

CVE-2025-27584 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update.

CVE-2025-27583 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

CVE-2025-25953 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.

CVE-2025-25952 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

CVE-2025-25951 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.

CVE-2025-25950 serosoft vulnerability CVSS: 0 03 Mar 2025, 01:15 UTC

Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.