Every CVE whose affected-product data names Classroomio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-65669 — CVSS 9.1 (critical): An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization…
CVE-2025-67298 — CVSS 8.1 (high): An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile
CVE-2025-65672 — CVSS 7.5 (high): Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.
CVE-2025-65675 — CVSS 5.4 (medium): Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via…
CVE-2025-65676 — CVSS 5.4 (medium): Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via…
CVE-2025-65670 — CVSS 4.3 (medium): An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by…