Vulners
Lucene search
📄 Classroomio LMS 0.1.13 Insecure Direct Object Reference
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | CVE-2025-65670 | 24 Nov 202521:00 | – | circl |
| CVE-2025-65672 | 24 Nov 202521:00 | – | circl |
 | ClassroomIO.com 安全漏洞 | 26 Nov 202500:00 | – | cnnvd |
| ClassroomIO.com 安全漏洞 | 26 Nov 202500:00 | – | cnnvd |
 | CVE-2025-65670 | 26 Nov 202500:00 | – | cve |
| CVE-2025-65672 | 26 Nov 202500:00 | – | cve |
 | CVE-2025-65670 | 26 Nov 202500:00 | – | cvelist |
| CVE-2025-65672 | 26 Nov 202500:00 | – | cvelist |
 | EUVD-2025-199752 | 26 Nov 202521:31 | – | euvd |
| EUVD-2025-199756 | 26 Nov 202521:31 | – | euvd |
10
# CVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.
**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**
## Vulnerability Details
Insecure Direct Object Reference / Broken Access Control
# Summary
This vulnerability allows a student-level user to momentarily access privileged admin-only endpoints by directly manipulating course IDs in the URL. Due to missing authorization checks and improper access validation, sensitive course analytics, attendance records, submissions, people lists, and marks become exposed before the system reverts to enforcing restrictions. This brief but critical information disclosure constitutes an IDOR-based Broken Access Control issue and can lead to leakage of sensitive administrative and student data.
## Steps to Reproduce
Login as Admin
1. Create and publish a course with enrolled students.
2. Access admin endpoints for the course e.g..
courses/<course-ID>/analytics, courses/<course-ID>/attendance, courses/<course-ID>/submissions, courses/<course-ID>/people, courses/<course-ID>/marks,
3. Admin can view expected data.
Login as Student
4. Join the course via Explore
5. Verify Students cannot see admin in the UI
6. Find the course ID (e.g. by inspecting course lessons URL).
7. Manually access the admin endpoints by crafting URLs such as:
courses/<course-ID>/analytics, courses/<course-ID>/attendance, courses/<course-ID>/submissions, courses/<course-ID>/people, courses/<course-ID>/marks,
8. The system responds with data meant only for Admin/Teacher roles momentarily, leaking sensitive information before reverting to restricting access.
# Acknowledgement
This vulnerability was discovered and responsibly reported by:
**Rivek Raj Tamang (RivuDon) from Sikkim, India**
https://www.linkedin.com/in/rivektamang/
https://rivudon.medium.com/
-------------------
# CVE-2025-65672
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.
**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**
## Vulnerability Details
Insecure Direct Object Reference (IDOR) / Broken Access Control
# Summary
ClassroomIO version 0.1.13 contains an IDOR vulnerability that allows a student (non-privileged user) to access restricted Course Settings, specifically the Share and Invite management interfaces.
This flaw arises due to improper authorization checks on sensitive endpoints, enabling privilege escalation and unauthorized course manipulation.
## Steps to Reproduce
1. Create Course (Admin)
2. Log in as an Admin and create/publish a new course.
3. Student View
Log in as a Student.
Navigate to the course using the Explore page.
Note the course ID in the URL.
5. Access Restricted Pages Directly
Replace {course-id} with a valid course ID and visit:
/courses/{course-id}/settings#share
/courses/{course-id}/people?add=true
7. Observe the Impact
The student is able to access:
Share Settings
Invite/People Management Panel
These actions are meant only for the course admin, but due to missing access checks, the student gains unauthorized control.
# Acknowledgement
This vulnerability was discovered and responsibly reported by:
**Rivek Raj Tamang (RivuDon) from Sikkim, India**
https://www.linkedin.com/in/rivektamang/
https://rivudon.medium.com/Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Nov 2025 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.5
EPSS0.00327
SSVC