CVE-2025-65669

Critical CVSS: 9.1

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

Vendor

Classroomio

Product

Classroomio

CWE

CWE-862

Yayın Tarihi

2025-11-26 19:15:47

Güncelleme

2025-12-03 20:50:01

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-862 Classroomio CRITICAL Classroomio 2025

Referanslar

http://classroomio.com https://github.com/Rivek619/CVE-2025-65669 https://github.com/classroomio/classroomio https://github.com/Rivek619/CVE-2025-65669

Benzer Kayıtlar

High

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and…

Medium

CVE-2025-65670

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpo…

Medium

CVE-2025-65675

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

Medium

CVE-2025-65676

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

High

CVE-2025-65672

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course sett…