CVE-2025-65669

CRITICAL

classroomio 0.1.13 - Unauthenticated Course Deletion via Explore Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65669. PoCs published by Rivek619.

AI-analyzed exploit summary: This repository contains a detailed writeup describing a Broken Access Control vulnerability (CVE-2025-65669) in ClassroomIO 0.1.13, where student accounts can delete courses without proper authorization. The writeup includes steps to reproduce the issue but does not include exploit code.

Description

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

Exploits (1)

nomisec WRITEUP
by Rivek619 · poc
https://github.com/Rivek619/CVE-2025-65669


Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ClassroomIO 0.1.13
Auth required
Prerequisites: Authenticated student account · Published course available on the Explore page
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.1
EPSS: 0.0049
EPSS Percentile: 37.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (1): classroomio/classroomio 0.1.13
Published: Nov 26, 2025
Tracked Since: Feb 18, 2026