CVE-2025-25616 PoC — Unifiedtransform 访问控制错误漏洞

Source

Associated Vulnerability

Readme

# CVE-2025-25616

Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing students to modify exam rules. The affected endpoint is `/exams/edit-rule?exam_rule_id=1`.  

Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)  

---

## PoC

**Step 1:** Log in to the application as a Student.  

**Step 2:** Browse to the following endpoint:  
/exams/edit-rule?exam_rule_id=1

(Modify the `exam_rule_id` parameter to target different exam rules.)

**Step 3:** Change the exam rules and click on save.  

**Impact:** This allows unauthorized modification of exam rules, which should only be accessible by administrators. Students could manipulate exam parameters, like setting minimum passing marks, leading to severe business logic flaws and compromising the integrity of the exam system.  

---

**Vulnerability Type:** Incorrect Access Control  
**Attack Type:** Remote  
**Impact:** Escalation of Privileges  
**Attack Vectors:** Broken Access Control allows students to modify exam rules.  

**Discoverer:** Armaan Sidana  

**References:**  
- [Unifiedtransform Official Site](http://unifiedtransform.com)  
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)  

File Snapshot

 [4.0K]  /data/pocs/43cc87398cd4d45a88d0e83e3e1ca87a195b5791
└── [1.2K]  README.md

0 directories, 1 file

Remarks