CVE-2026-25875

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.

Vulnerability Details

Published Date

February 09, 2026

Last Modified

February 11, 2026

CWE ID

CWE-863

Source

NVD

Vendor

Praskla-Technology

Product

assessment-placipy

External References

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-mx95-8ppg-v574

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment