CVE-2025-65669

Published: Nov 26, 2025Modified: Dec 3, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

Affected (1)

Products: Classroomio: Classroomio

Classroomio

1 product

Classroomio

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Classroomio Classroomio	Version 0.1.13

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

http://classroomio.com

Source: cve@mitre.org

Product

https://github.com/Rivek619/CVE-2025-65669

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/classroomio/classroomio

Source: cve@mitre.org

Product

https://github.com/Rivek619/CVE-2025-65669

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.