CVE-2025-65670

Medium CVSS: 4.3

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Vendor

Classroomio

Product

Classroomio

CWE

CWE-639

Yayın Tarihi

2025-11-26 20:15:49

Güncelleme

2025-12-03 20:51:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-639 Classroomio MEDIUM Classroomio 2025

Referanslar

http://classroomio.com https://github.com/Rivek619/CVE-2025-65670 https://github.com/classroomio/classroomio

Benzer Kayıtlar

High

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and…

Medium

CVE-2025-65675

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

Medium

CVE-2025-65676

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

Critical

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without…

High

CVE-2025-65672

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course sett…