
CVE-2025-65669 PoC — ClassroomIO.com Security Vulnerability

Associated Vulnerability
Title: ClassroomIO.com Security Vulnerability (CVE-2025-65669)
Description: ClassroomIO.com is an open-source education platform from ClassroomIO. ClassroomIO.com version 0.1.13 contains a security vulnerability: student accounts can delete courses without authorization or authentication, which may bypass the intended administrator restrictions.
Description
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.
Readme
# CVE-2025-65669
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.

**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**

## Vulnerability Details
Broken Access Control

# Summary
A Broken Access Control vulnerability in ClassroomIO 0.1.13 allows student-level users to delete published courses without any authorization checks. The “Delete Course” action—intended exclusively for administrators—is improperly exposed on the Explore page, enabling any authenticated student to remove entire courses created by admins. This flaw results in unauthorized data manipulation, loss of learning content, and disruption of platform functionality. The issue stems from missing server-side permission validation, allowing students to bypass role restrictions simply by interacting with the exposed deletion endpoint.

## Steps to Reproduce
Have two accounts: Admin (Chromium) and Student (Firefox).

Login as Admin

1. Admin creates a course (live or self-paced) and publishes it online.

Login as Student

2. Student navigates to the Explore page and sees the newly published course.

3. Student sees a delete option for the course.

4. Clicks the "Delete" button available alongside the course. Student confirms the deletion.

5. Course gets deleted without requiring any authentication or authorization approval.

Login as Admin

6. Confirm the course is deleted on both ends.
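The root cause the summary names is a deletion endpoint that trusts the client to show "Delete" only to admins. The following added example (not ClassroomIO's code; the session shape, course store and handler names are assumptions) shows that unchecked pattern beside a handler that enforces the admin-only rule on the server:

```javascript
// Added example, not ClassroomIO's code: the session shape, course store and
// handler names are assumptions used to illustrate the server-side check.
const courses = new Map();

// Constructed sample data: one course published by an admin.
function seedCourses() {
  courses.clear();
  courses.set("course-1", { id: "course-1", title: "Intro", ownerId: "admin-1" });
}

// Constructed sessions: what the server knows about the caller after login.
const ADMIN_SESSION = { userId: "admin-1", role: "admin" };
const STUDENT_SESSION = { userId: "student-7", role: "student" };

// Vulnerable pattern: relies on the UI to hide "Delete" from students,
// so any caller who reaches the endpoint removes the course.
function deleteCourseUnchecked(courseId) {
  return courses.delete(courseId) ? { ok: true, status: 200 } : { ok: false, status: 404 };
}

// Hardened pattern: the server decides from the authenticated session,
// regardless of what the client rendered. The role check runs before the
// existence check so a denied caller learns nothing about course ids.
function deleteCourse(session, courseId) {
  if (!session || !session.userId) {
    return { ok: false, status: 401, error: "authentication required" };
  }
  if (session.role !== "admin") {
    // Log the refusal so repeated attempts are visible to monitoring.
    console.warn(`denied: user ${session.userId} (${session.role}) tried to delete ${courseId}`);
    return { ok: false, status: 403, error: "admin role required" };
  }
  if (!courses.has(courseId)) {
    return { ok: false, status: 404, error: "course not found" };
  }
  courses.delete(courseId);
  return { ok: true, status: 200 };
}

// Stand-alone run: the student is refused, the admin succeeds.
seedCourses();
console.log(deleteCourse(STUDENT_SESSION, "course-1").status, courses.has("course-1")); // 403 true
console.log(deleteCourse(ADMIN_SESSION, "course-1").status, courses.has("course-1"));   // 200 false
```

A real fix would also scope the check to the organisation or course owner; the example only demonstrates the role check the advisory says is missing.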


# Acknowledgement 

This vulnerability was discovered and responsibly reported by:

**Rivek Raj Tamang (RivuDon) from Sikkim, India** 

https://www.linkedin.com/in/rivektamang/

https://rivudon.medium.com/
