CVE Catalog

CVE-2025-65669

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile - higher than 34% of all known CVEs

Summary

In classroomio 0.1.13, student accounts can delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

Risk Assessment

The risk is that unauthorized users (students) can permanently delete courses, leading to data loss and disruption of the educational platform.

Recommendation

Immediately update classroomio to the latest version that fixes this vulnerability and implement proper access controls for course deletion operations.

Original NVD description (English source)

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS