CVE-2025-25615

LOW

Unifiedtransform 2.0 - Improper Access Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25615. PoCs published by armaansidana2003.

AI-analyzed exploit summary This repository contains a writeup describing an Incorrect Access Control vulnerability in Unifiedtransform v2.0, allowing teachers to view attendance data for any class section. The PoC involves accessing a specific endpoint with modified parameters.

Description

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.

Exploits (1)

nomisec WRITEUP

by armaansidana2003 · poc

https://github.com/armaansidana2003/CVE-2025-25615

View Code ZIP pw:eip

This repository contains a writeup describing an Incorrect Access Control vulnerability in Unifiedtransform v2.0, allowing teachers to view attendance data for any class section. The PoC involves accessing a specific endpoint with modified parameters.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Unifiedtransform v2.0

Auth required

Prerequisites: Teacher account credentials

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/armaansidana2003/CVE-2025-25615

Product

https://github.com/changeweb/Unifiedtransform

Scores

CVSS v3 2.7

EPSS 0.0045

EPSS Percentile 36.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

changeweb/unifiedtransform 2.0

Published Mar 10, 2025

Tracked Since Feb 18, 2026