CVE-2025-65672

High CVSS: 7.5

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.

Vendor

Product

CWE

Yayın Tarihi

2025-11-26 19:15:47

Güncelleme

2025-12-05 14:30:55

Source Identifier

cve@mitre.org

KEV Date Added

CWE-639 Classroomio HIGH Classroomio 2025

http://classroomio.com https://github.com/Rivek619/CVE-2025-65672 https://github.com/classroomio/classroomio

High

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and…

Medium

CVE-2025-65670

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpo…

Medium

CVE-2025-65675

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

Medium

CVE-2025-65676

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

Critical

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without…