CVE-2025-59577 (GCVE-0-2025-59577)
Vulnerability from cvelistv5
Published
2025-09-22 18:25
Modified
2025-09-23 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Stylemix | MasterStudy LMS |
Version: n/a < |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-59577", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-23T17:48:14.220513Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-23T17:50:34.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "masterstudy-lms-learning-management-system", "product": "MasterStudy LMS", "vendor": "Stylemix", "versions": [ { "changes": [ { "at": "3.6.21", "status": "unaffected" } ], "lessThanOrEqual": "3.6.20", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bibek Dhakal (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eConcurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions.\u003c/p\u003e\u003cp\u003eThis issue affects MasterStudy LMS: from n/a through 3.6.20.\u003c/p\u003e" } ], "value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20." } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-22T18:25:54.337Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-6-20-race-condition-vulnerability?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.6.21)." } ], "value": "Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.6.21)." } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress MasterStudy LMS Plugin \u003c= 3.6.20 - Race Condition Vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2025-59577", "datePublished": "2025-09-22T18:25:54.337Z", "dateReserved": "2025-09-17T18:01:03.001Z", "dateUpdated": "2025-09-23T17:50:34.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-59577\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2025-09-22T19:16:26.047\",\"lastModified\":\"2025-09-22T21:22:16.313\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-6-20-race-condition-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"}]}}", "vulnrichment": { "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2025-09-22T18:25:54.337Z\"}, \"title\": \"WordPress MasterStudy LMS Plugin \u003c= 3.6.20 - Race Condition Vulnerability\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-26\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-26 Leveraging Race Conditions\"}]}], \"affected\": [{\"vendor\": \"Stylemix\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\", \"packageName\": \"masterstudy-lms-learning-management-system\", \"product\": \"MasterStudy LMS\", \"versions\": [{\"lessThanOrEqual\": \"3.6.20\", \"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"changes\": [{\"at\": \"3.6.21\", \"status\": \"unaffected\"}]}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003cp\u003eConcurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions.\u003c/p\u003e\u003cp\u003eThis issue affects MasterStudy LMS: from n/a through 3.6.20.\u003c/p\u003e\"}]}], \"references\": [{\"tags\": [\"vdb-entry\"], \"url\": \"https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-plugin-3-6-20-race-condition-vulnerability?_s_id=cve\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"baseScore\": 4.3, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"baseSeverity\": \"MEDIUM\", \"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"version\": \"3.1\"}}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.6.21).\"}], \"value\": \"Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.6.21).\"}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Bibek Dhakal (Patchstack Alliance)\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59577\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-23T17:48:14.220513Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-23T17:48:14.998Z\"}}]}", "cveMetadata": "{\"cveId\": \"CVE-2025-59577\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Patchstack\", \"dateReserved\": \"2025-09-17T18:01:03.001Z\", \"datePublished\": \"2025-09-22T18:25:54.337Z\", \"dateUpdated\": \"2025-09-23T17:50:34.811Z\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…