CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-65670

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.0%

CVSS Severity

CVSS v3 Score 4.3

References

http://classroomio.com
https://github.com/Rivek619/CVE-2025-65670
https://github.com/classroomio/classroomio

Products affected by CVE-2025-65670

Classroomio » Classroomio » Version: 0.1.13

cpe:2.3:a:classroomio:classroomio:0.1.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-65670

Products

Pricing

Contact Us