CVE-2025-25621

MEDIUM

Unifiedtransform 2.0 - Incorrect Access Control via Teacher Attendance Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25621. PoCs published by armaansidana2003.

AI-analyzed exploit summary: This repository contains a writeup detailing an Incorrect Access Control vulnerability in Unifiedtransform v2.0, allowing teachers to manipulate attendance records of other teachers via a specific endpoint. The PoC involves navigating to a URL and performing actions that should be restricted to admins.

Description

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. The affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.

Exploits (1)

nomisec WRITEUP
by armaansidana2003 · poc
https://github.com/armaansidana2003/CVE-2025-25621

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Unifiedtransform v2.0
Auth required
Prerequisites: Teacher account credentials · Access to the application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 4.3
EPSS 0.0036
EPSS Percentile 27.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-284
Status published
Products (1)
changeweb/unifiedtransform 2.0
Published Mar 17, 2025
Tracked Since Feb 18, 2026