CVE-2025-56747

Medium CVSS: 6.5

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management.

Vendor

Creativeitem

Product

Academy Lms

CWE

CWE-269

Yayın Tarihi

2025-10-14 15:16:10

Güncelleme

2025-10-21 14:39:24

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-269 Academy Lms MEDIUM Creativeitem 2025

Referanslar

https://suryadina.com/academy-lms-instructor-escalation-3n7b9f2w5k

Benzer Kayıtlar

Medium

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to t…

Medium

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with…

Medium

CVE-2025-56748

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templat…

Critical

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictabl…

Low

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabli…

Medium

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user…