CVE-2025-65669 PoC — ClassroomIO.com Security Vulnerability

Associated vulnerability: ClassroomIO.com Security Vulnerability (CVE-2025-65669)

Readme
# CVE-2025-65669
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.

**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**

## Vulnerability Details
Broken Access Control

# Summary
A Broken Access Control vulnerability in ClassroomIO 0.1.13 allows student-level users to delete published courses without any authorization checks. The “Delete Course” action—intended exclusively for administrators—is improperly exposed on the Explore page, enabling any authenticated student to remove entire courses created by admins. This flaw results in unauthorized data manipulation, loss of learning content, and disruption of platform functionality. The issue stems from missing server-side permission validation, allowing students to bypass role restrictions simply by interacting with the exposed deletion endpoint.
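
The missing server-side check described above, as an added example (hypothetical JavaScript, not ClassroomIO's code): a course-delete handler that runs as soon as the course exists, next to one that first authenticates the caller and then decides from the stored user record whether the caller is an admin. The in-memory store, user ids, course ids and response shape are all constructed for illustration.

```javascript
// Added example, not ClassroomIO's code: an in-memory model of a
// course-delete endpoint. Users, courses and ids are constructed.
function makeStore() {
  return {
    users: {
      "u-admin": { id: "u-admin", role: "admin" },
      "u-student": { id: "u-student", role: "student" },
    },
    courses: {
      "c-1": { id: "c-1", title: "Intro Course", ownerId: "u-admin", published: true },
    },
  };
}

// Vulnerable shape: the handler deletes as soon as the course exists.
// The only "control" is the UI hiding the button, so any caller succeeds.
function deleteCourseUnchecked(store, session, courseId) {
  if (!store.courses[courseId]) return { status: 404 };
  delete store.courses[courseId];
  return { status: 204 };
}

// Hardened shape: authenticate, then authorize from the server-side user
// record. A role claim carried in the request itself is ignored entirely.
function deleteCourseAuthorized(store, session, courseId) {
  const caller = session && store.users[session.userId];
  if (!caller) return { status: 401, error: "not authenticated" };
  const course = store.courses[courseId];
  if (!course) return { status: 404, error: "no such course" };
  if (caller.role !== "admin") {
    return { status: 403, error: "course deletion is admin-only" };
  }
  delete store.courses[courseId];
  return { status: 204 };
}
```

The same student session succeeds against the unchecked handler and is refused by the hardened one, even when the request claims an admin role.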

## Steps to Reproduce
Use two accounts: Admin (in Chromium) and Student (in Firefox).

Log in as Admin:

1. Admin creates a course (live or self-paced) and publishes it online.

Log in as Student:

2. Student navigates to the Explore page and sees the newly published course.

3. Student is offered a delete option for the course.

4. Student clicks the "Delete" button shown alongside the course and confirms the deletion.

5. The course is deleted without any authentication or authorization check.

Log in as Admin:

6. Confirm the course is deleted on both ends.


# Acknowledgement

This vulnerability was discovered and responsibly reported by:

**Rivek Raj Tamang (RivuDon) from Sikkim, India**

https://www.linkedin.com/in/rivektamang/

https://rivudon.medium.com/
