CVE-2025-67298HIGH 8.1EPSS p12.1%

CVE-2025-67298CVE-2025-67298

Description

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.22% probability of exploitation · percentile 12.1% · 2026-06-19T12:03:05Z
Published2026-03-11
Last modified2026-04-07

Underlying weaknesses· 3

CWE-290CWE-345CWE-639

References

  1. https://gist.github.com/prashunbaral/70c4f6f9d9ff8b82295623073eb41f3a
  2. https://github.com/classroomio/classroomio/releases/tag/v0.2.6

3

TypeTargetConfidenceTier
WeaknessAuthentication Bypass by Spoofingcwe-2900%live
WeaknessInsufficient Verification of Data Authenticitycwe-3450%live
WeaknessAuthorization Bypass Through User-Controlled Keycwe-6390%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-65669
CVE
CVE-2025-26199
CVE
CVE-2026-25197
CVE
CVE-2025-69182
CVE
CVE-2026-23899
CVE
CVE-2025-32648
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.