Classroomio
Products
1- 5 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-67298 | | Hig | 0.53 | 8.1 | 0.00 | | Mar 11, 2026 | An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile |
| CVE-2025-67259 | | Med | 0.42 | 6.5 | 0.00 | | Apr 24, 2026 | A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the… |
| CVE-2025-65670 | | | 0.00 | — | 0.00 | | Nov 26, 2025 | An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before… |
| CVE-2025-65672 | | | 0.00 | — | 0.00 | | Nov 26, 2025 | Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings. |
| CVE-2025-65669 | | | 0.00 | — | 0.01 | | Nov 26, 2025 | An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. |