CVE-2026-25753

CRITICAL

PlaciPy 1.0.0 - Info Disclosure

Title source: llm

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

References (1)

[Mitigation, Vendor Advisory] https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-6537-cf56-j9w2

Scores

CVSS v3 9.8

EPSS 0.0003

EPSS Percentile 6.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-259

Status published

Products (1)

prasklatechnology/placipy 1.0.0

Published Feb 06, 2026

Tracked Since Feb 18, 2026