exploitDog

CVE-2025-65670

Опубликовано: 26 нояб. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Ссылки

http://classroomio.com
Product
https://github.com/Rivek619/CVE-2025-65670
Exploit
Third Party Advisory
https://github.com/classroomio/classroomio
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:classroomio:classroomio:0.1.13:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-mh75-3225-9wcj

CVSS3: 4.3

github

2 месяца назад

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

EPSS

Процентиль: 11%

0.00038

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639