CVE-2025-65669
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk34th percentile - higher than 34% of all known CVEs
Summary
In classroomio 0.1.13, student accounts can delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.
Risk Assessment
The risk is that unauthorized users (students) can permanently delete courses, leading to data loss and disruption of the educational platform.
Recommendation
Immediately update classroomio to the latest version that fixes this vulnerability and implement proper access controls for course deletion operations.
Original NVD description (English source)
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

