CVE-2025-25618 PoC — Unifiedtransform 安全漏洞

Source

Associated Vulnerability

Readme

# CVE-2025-25618

Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing teachers to change the Section Name and Room Number — permissions that should be restricted to administrators.  

Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)  

---

## PoC

**Step 1:** Log in to the application as a Teacher.  

**Step 2:** Browse to the following endpoint:  
/section/edit/1

**Step 3:** Modify the Section Name and Room Number fields and click on save.  

**Impact:** Unauthorized changes to section details can lead to mismanagement and confusion in academic operations. Teachers altering these critical details can disrupt class assignments, schedules, and classroom management, which should only be handled by administrators.  

---

**Vulnerability Type:** Incorrect Access Control  
**Attack Type:** Remote  
**Impact:** Escalation of Privileges  
**Attack Vectors:** Broken Access Control allows teachers to modify section names and room numbers without proper authorization.  

**Discoverer:** Armaan Sidana  

**References:**  
- [Unifiedtransform Official Site](http://unifiedtransform.com)  
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)  

File Snapshot

 [4.0K]  /data/pocs/e93bdb922923799631743d2502b5ee93bacb4e26
└── [1.2K]  README.md

0 directories, 1 file

Remarks