WRITEUP

WRITEUP

Exploit for CVE-2026-25885 - PolarLearn <0-PRERELEASE-16 - SSRF

AI Analysis

The patch addresses an authentication bypass vulnerability in PolarLearn's WebSocket handling. It enforces proper user validation and role-based access control for group subscriptions and chat messages, preventing unauthorized access.

Attack Type

auth_bypass

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/polarnl/PolarLearn/commit/3ba588fda0d3f8e238483a20772719f27e52e79f

Authors

andr3i1010

Vulnerability

CVE-2026-25885

PolarLearn <0-PRERELEASE-16 - SSRF

HIGH

CVSS 7.5