Security Advisory

CVE-2025-65670

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-26 00:00:00

Last updated 2025-11-28 14:18:58

Assigner mitre

State PUBLISHED

Description

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.

← Browse all CVEs View on cve.org ↗