CVE-2025-65670

Published
View on NVD ↗
CVSS v3
4.3
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Rivek619/CVE-2025-65670
Rivek619/CVE-2025-65670
An (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.
GitHubGitHub
classroomio/classroomio
classroomio/classroomio
The Open Source Education Platform. A Simple and Beautiful Alternative to Moodle LMS, EdX, Thinkific and Teachable
GitHubGitHub
1.56K