CVE Catalog

CVE-2025-65670

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

An IDOR vulnerability in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in temporary unauthorized disclosure of sensitive course, admin, and student data before the system reverts to normal access restrictions.

Risk Assessment

The risk involves unauthorized access to administrative and other users' data, potentially compromising system confidentiality and leading to sensitive information leakage.

Recommendation

Immediately update classroomio to the latest patched version and implement authorization checks on all endpoints to prevent ID manipulation.

Original NVD description (English source)

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS