Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Academy LMS: Unauthorized Access to Sensitive Content
CVE-2026-25372
Summary
A configuration error in Academy LMS allows unauthorized users to access sensitive information. This issue affects versions of Academy LMS from an unknown version to 3.5.3. To fix this, update to a patched version of the software.
Original title
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3....
Original description
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.
nvd CVSS3.1
6.5
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026