VYPR

Classroomio

by Classroomio

Source repositories

CVEs (5)

  • CVE-2025-67298HigMar 11, 2026
    risk 0.53cvss 8.1epss 0.00

    An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile

  • CVE-2025-67259MedApr 24, 2026
    risk 0.42cvss 6.5epss 0.00

    A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the…

  • CVE-2025-65670Nov 26, 2025
    risk 0.00cvss epss 0.00

    An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before…

  • CVE-2025-65672Nov 26, 2025
    risk 0.00cvss epss 0.00

    Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.

  • CVE-2025-65669Nov 26, 2025
    risk 0.00cvss epss 0.01

    An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.