8.1

ClasroomIO allows attackers to gain higher-level access

CVE-2025-67298
Summary

A security weakness in ClasroomIO versions before 0.2.6 lets a remote attacker escalate privileges through the /api/verify and /rest/v1/profile endpoints. An unauthorized person could access sensitive information or make changes they should not be able to make. Update to version 0.2.6 or later to fix this issue.

Original title
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile
Original description
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile
Vulnerability type
CWE-290 Authentication Bypass by Spoofing
CWE-345 Insufficient Verification of Data Authenticity
CWE-639 Authorization Bypass Through User-Controlled Key
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026