CVE-2025-65670

MEDIUM

classroomio <0.1.13 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65670. PoCs published by Rivek619.

AI-analyzed exploit summary This repository contains a detailed writeup describing an Insecure Direct Object Reference (IDOR) vulnerability in ClassroomIO 0.1.13, allowing students to momentarily access admin/teacher endpoints by manipulating course IDs in URLs, leading to unauthorized data disclosure.

Description

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

Exploits (1)

nomisec WRITEUP
by Rivek619 · poc
https://github.com/Rivek619/CVE-2025-65670

This repository contains a detailed writeup describing an Insecure Direct Object Reference (IDOR) vulnerability in ClassroomIO 0.1.13, allowing students to momentarily access admin/teacher endpoints by manipulating course IDs in URLs, leading to unauthorized data disclosure.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ClassroomIO 0.1.13
Auth required
Prerequisites: Access to a student account · Course ID of a published course
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 4.3
EPSS 0.0024
EPSS Percentile 14.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
classroomio/classroomio 0.1.13
Published Nov 26, 2025
Tracked Since Feb 18, 2026