CVE-2025-65670

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

26/11/2025

Last modified:

26/11/2025

Description

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Impact

References to Advisories, Solutions, and Tools

http://classroomio.com
https://github.com/Rivek619/CVE-2025-65670
https://github.com/classroomio/classroomio