Home / Vulnerability Intelligence / CVE-2025-67298

CVE-2025-67298 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 11, 2026

ClasroomIO - Privilege Escalation

Published: March 11, 2026Updated: March 11, 2026Remote Exploitable

Overview

ClasroomIO < 0.2.6 contains a privilege escalation vulnerability caused by improper access control in /api/verify and /rest/v1/profile endpoints, letting remote attackers escalate privileges, exploit requires network access.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 5.1%(Probability of exploitation in next 30 days)

Impact

Remote attackers can escalate their privileges, potentially gaining unauthorized access or control.

Mitigation

Update to version 0.2.6 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 11, 2026

🟠 CVE-2025-67298 - High (8.1) An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67298/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-67298
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new
EPSS: 5.1%
Social Posts: 1

CWE

CWE-290

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.1%Probability of exploitation in the next 30 days