CVE-2025-12270
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12270
EUVD
EUVD-2025-36164
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
learnhouse learnhouse to 2025-09-21 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-99 The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12270 is an Insecure Direct Object Reference (IDOR) vulnerability in the LearnHouse Learning Management System (LMS), specifically in the Student Assignment Submission Handler component. The vulnerability occurs because the system serves student assignment submission files from a publicly accessible directory (/content/*) without enforcing authentication or authorization checks. This allows an attacker to manipulate resource identifiers or directly guess URLs to access other students' submitted files without permission. The root cause is improper input validation and missing authorization in the file serving mechanism, enabling unauthorized remote access to sensitive academic files. [1, 2, 3]

Impact Analysis

This vulnerability can lead to unauthorized access to student assignment submissions, exposing sensitive academic data and personal information. It poses risks to privacy and academic integrity by allowing attackers or unauthorized users to view or download other students' submitted work, potentially facilitating plagiarism. Additionally, it can result in data breaches of confidential academic materials, grades, and feedback. Institutions using LearnHouse may suffer reputational damage, legal liabilities, and loss of trust due to this exposure. [2, 3]

Compliance Impact

The vulnerability can lead to violations of data protection regulations such as GDPR and FERPA because it allows unauthorized access to personal and academic data of students. This unauthorized disclosure of sensitive information breaches privacy requirements mandated by these standards, potentially resulting in legal consequences and compliance failures for institutions using the affected LearnHouse LMS. [2]

Detection Guidance

This vulnerability can be detected by attempting to access student assignment submission files directly via the predictable URL pattern without authentication. For example, using command-line tools like curl or wget to request URLs following the pattern: /content/orgs/{org_id}/courses/{course_id}/activities/{activity_id}/assignments/{assignment_id}/tasks/{task_id}/subs/{file_uuid}.{extension}. If the files are accessible without authentication or authorization, the system is vulnerable. Example commands include: - curl -I https://your-learnhouse-domain/content/orgs/ORG_ID/courses/COURSE_ID/activities/ACTIVITY_ID/assignments/ASSIGNMENT_ID/tasks/TASK_ID/subs/FILE_UUID.extension - wget --spider https://your-learnhouse-domain/content/orgs/ORG_ID/courses/COURSE_ID/activities/ACTIVITY_ID/assignments/ASSIGNMENT_ID/tasks/TASK_ID/subs/FILE_UUID.extension Replace placeholders with actual values. Successful HTTP 200 responses indicate the vulnerability. [2]

Mitigation Strategies

Immediate mitigation steps include routing all requests to the /content/* directory through the application’s authentication middleware to enforce user identity verification. Additionally, implement strict authorization checks to ensure that only authorized users can access the files, specifically verifying if the requester is the student who submitted the file, an instructor for the course, or an administrator with appropriate privileges. Until a patch or update is available, restrict direct access to the /content/ directory at the web server level if possible. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12270. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart