CVE-2026-25753CRITICAL 9.8EPSS p27.4%

CVE-2026-25753CVE-2026-25753

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.4% · 2026-06-18T12:00:27Z
Published2026-02-06
Last modified2026-02-11

Underlying weaknesses· 1

CWE-259

References

  1. https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-6537-cf56-j9w2

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Passwordcwe-2590%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25810
CVE
CVE-2026-25812
CVE
CVE-2026-25811
CVE
CVE-2026-25875
CVE
CVE-2026-25876
CVE
CVE-2026-25809
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.