CVE-2025-26199CRITICAL 9.8EPSS p38.3%

CVE-2025-26199CVE-2025-26199

Description

CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.49% probability of exploitation · percentile 38.3% · 2026-06-19T12:03:05Z
Published2025-06-18
Last modified2025-07-09

Underlying weaknesses· 1

CWE-319

References

  1. https://gist.github.com/tansique-17/6e01bb1b8a09ef499a9b8484a8dc2487
  2. https://github.com/tansique-17/CVE-2025-26199/tree/main

1

TypeTargetConfidenceTier
WeaknessCleartext Transmission of Sensitive Informationcwe-3190%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-26198
CVE
CVE-2025-46179
CVE
CVE-2025-15198
CVE
CVE-2026-2058
CVE
CVE-2025-7191
CVE
CVE-2025-67298
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.