CVE-2025-12270
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| learnhouse | learnhouse | up to and including 2025-09-21 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | Authorization Bypass Through User-Controlled Key: the system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection'): the product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12270 is an Insecure Direct Object Reference (IDOR) vulnerability in the LearnHouse Learning Management System (LMS), specifically in the Student Assignment Submission Handler component. The vulnerability occurs because the system serves student assignment submission files from a publicly accessible directory (/content/*) without enforcing authentication or authorization checks. An attacker who knows, constructs or guesses a submission URL can therefore retrieve other students' submitted files without permission. The root cause is improper input validation and missing authorization in the file-serving mechanism, enabling unauthorized remote access to sensitive academic files. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to student assignment submissions, exposing sensitive academic data and personal information. It poses risks to privacy and academic integrity by allowing attackers or unauthorized users to view or download other students' submitted work, potentially facilitating plagiarism. Additionally, it can result in data breaches of confidential academic materials, grades, and feedback. Institutions using LearnHouse may suffer reputational damage, legal liabilities, and loss of trust due to this exposure. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability can lead to violations of data protection regulations such as GDPR and FERPA because it allows unauthorized access to personal and academic data of students. This unauthorized disclosure of sensitive information breaches privacy requirements mandated by these standards, potentially resulting in legal consequences and compliance failures for institutions using the affected LearnHouse LMS. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by requesting a student's submission file directly, with no session, via the predictable URL pattern:

/content/orgs/{org_id}/courses/{course_id}/activities/{activity_id}/assignments/{assignment_id}/tasks/{task_id}/subs/{file_uuid}.{extension}

Take the URL of a submission from a test account's own download link, then request it without cookies using curl or wget:

- curl -I https://your-learnhouse-domain/content/orgs/ORG_ID/courses/COURSE_ID/activities/ACTIVITY_ID/assignments/ASSIGNMENT_ID/tasks/TASK_ID/subs/FILE_UUID.extension
- wget --spider https://your-learnhouse-domain/content/orgs/ORG_ID/courses/COURSE_ID/activities/ACTIVITY_ID/assignments/ASSIGNMENT_ID/tasks/TASK_ID/subs/FILE_UUID.extension

Replace the placeholders with real values. An HTTP 200 response to the anonymous request means the file is served without authentication and the instance is vulnerable; a 401, 403 or a redirect to the login page means access is being checked. Two caveats: curl -I does not follow redirects unless you pass -L, so a 302 is reported as such, whereas wget follows redirects by default and can report a 200 for the login page it landed on; and repeating the request from a second student account that did not submit the file confirms the authorization gap (CWE-639) rather than only the missing authentication. [2]
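The same probe, scripted so that the anonymous request and the owner's request are compared side by side, as an added example that is not part of the BaseFortify page or of LearnHouse. The path layout is the one quoted above; the host, IDs and session cookie are placeholders you must replace, and redirects are deliberately not followed so a login redirect is never mistaken for a served file.

```python
"""Added example: probe a LearnHouse-style submission URL for unauthenticated access.

Not LearnHouse's own code. The path layout is the one quoted in the advisory; the
host, IDs and cookie are placeholders you must supply. Only probe() touches the
network; verdict() and the path helpers run offline.
"""
import re
import urllib.error
import urllib.request

# Path layout from the advisory text (the IDs are placeholders, not real objects).
SUB_PATH_RE = re.compile(
    r"^/content/orgs/(?P<org>[^/]+)/courses/(?P<course>[^/]+)"
    r"/activities/(?P<activity>[^/]+)/assignments/(?P<assignment>[^/]+)"
    r"/tasks/(?P<task>[^/]+)/subs/(?P<file>[^/]+)$"
)


def build_sub_path(org, course, activity, assignment, task, file_name):
    """Assemble the submission path for known IDs (e.g. from a legitimate download link)."""
    return (f"/content/orgs/{org}/courses/{course}/activities/{activity}"
            f"/assignments/{assignment}/tasks/{task}/subs/{file_name}")


def parse_sub_path(path):
    """Split a submission path into its IDs, or return None if it is not one."""
    m = SUB_PATH_RE.match(path)
    return m.groupdict() if m else None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as an HTTPError instead of silently following it to a login page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = urllib.request.build_opener(_NoRedirect)


def head_status(url, cookie=None, timeout=10):
    """HTTP status of a HEAD request (redirects not followed); None on connection failure."""
    req = urllib.request.Request(url, method="HEAD")
    if cookie:
        req.add_header("Cookie", cookie)   # e.g. the test account's session cookie
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code                      # 3xx, 4xx and 5xx all land here
    except urllib.error.URLError:
        return None


def verdict(status_anonymous, status_owner):
    """Classify one probe from the anonymous and the file owner's status codes.

    A file counts as exposed only when the owner can fetch it (so the URL is real)
    and an anonymous request gets 200 as well; a 3xx is usually a login redirect.
    """
    if status_owner != 200:
        return "inconclusive"        # bad URL, deleted file or broken owner session
    if status_anonymous == 200:
        return "vulnerable"
    if status_anonymous in (401, 403):
        return "protected"
    if status_anonymous in (301, 302, 303, 307, 308):
        return "redirected"          # inspect Location; a login page is the expected fix
    return "inconclusive"


def probe(base_url, sub_path, owner_cookie):
    """Run both requests against one URL and return the verdict."""
    url = base_url.rstrip("/") + sub_path
    return verdict(head_status(url), head_status(url, cookie=owner_cookie))


if __name__ == "__main__":
    # Placeholder values; replace with a URL you are authorised to test.
    path = build_sub_path("ORG_ID", "COURSE_ID", "ACTIVITY_ID",
                          "ASSIGNMENT_ID", "TASK_ID", "FILE_UUID.pdf")
    print(probe("https://your-learnhouse-domain", path, owner_cookie="session=REPLACE_ME"))
```

Run it with the base URL of your own instance and the session cookie of the account that uploaded the file; "vulnerable" means the anonymous HEAD returned 200 for a file the owner can also fetch, while "redirected" or "protected" means the request was stopped before the file was served.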
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include routing all requests to the /content/* directory through the application's authentication middleware to enforce user identity verification. Additionally, implement strict authorization checks so that only authorized users can access the files: look the file up by its identifier, then verify against the stored record (not the org, course or task IDs supplied in the URL) that the requester is the student who submitted the file, an instructor for the course, or an administrator with appropriate privileges. Until a patch or update is available, restrict direct access to the /content/ directory at the web server or reverse proxy level if possible; the affected range listed above ends at 2025-09-21, so check the vendor's release notes for the fixing version. [2]
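One way to implement that check in the file-serving route, as an added example rather than LearnHouse's own code. Requester, Submission and the in-memory registry are stand-ins for the application's session and database objects, and the sample records are constructed; the path layout is the one quoted in the detection answer. The point it makes concrete is the CWE-639 one: the authorization decision is taken on the record resolved from the file key, and the org and course segments the client put in the URL are only cross-checked afterwards.

```python
"""Added example: authorize submission downloads against the stored record.

Not LearnHouse's own code. Requester, Submission and REGISTRY are stand-ins
for the application's session and database objects; the path layout is the
one quoted in the advisory.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Requester:
    user_id: Optional[str]                        # None for an anonymous request
    admin_orgs: frozenset = frozenset()           # org IDs where the user is an administrator
    instructor_courses: frozenset = frozenset()   # course IDs the user teaches


@dataclass(frozen=True)
class Submission:
    file_id: str
    org_id: str
    course_id: str
    owner_id: str        # student who uploaded the file
    stored_path: str     # where the bytes actually live on disk or object storage


def can_read_submission(req: Requester, sub: Submission) -> bool:
    """Only the submitter, an instructor of that course, or an org admin may read it."""
    if req.user_id is None:
        return False
    return (req.user_id == sub.owner_id
            or sub.course_id in req.instructor_courses
            or sub.org_id in req.admin_orgs)


def file_id_from_path(path: str) -> Optional[str]:
    """Extract the file identifier from .../subs/<file_uuid>.<ext>, else None."""
    prefix, sep, name = path.rpartition("/subs/")
    if not sep or not prefix.startswith("/content/orgs/") or not name or "/" in name:
        return None
    return name


def serve_submission(path: str, req: Requester, registry: dict):
    """Return (status, stored_path) the way a route handler would.

    The decision is made on the record looked up by key, never on the org or
    course IDs the client placed in the URL: that is the CWE-639 lesson.
    """
    file_id = file_id_from_path(path)
    sub = registry.get(file_id) if file_id else None
    if sub is None:
        return 404, None
    if not can_read_submission(req, sub):
        return (401 if req.user_id is None else 403), None
    # The URL's org/course segments must agree with the record; a mismatch is tampering.
    expected_prefix = f"/content/orgs/{sub.org_id}/courses/{sub.course_id}/"
    if not path.startswith(expected_prefix):
        return 404, None
    return 200, sub.stored_path


# Constructed sample data, not real LearnHouse objects.
REGISTRY = {
    "f-alice.pdf": Submission("f-alice.pdf", "org1", "course1", "alice",
                              "/srv/subs/f-alice.pdf"),
}
ALICE_PATH = ("/content/orgs/org1/courses/course1/activities/act1"
              "/assignments/as1/tasks/t1/subs/f-alice.pdf")

ANON = Requester(None)
ALICE = Requester("alice")
BOB = Requester("bob")                                               # classmate, no rights
TEACHER = Requester("teach", instructor_courses=frozenset({"course1"}))
ADMIN = Requester("root", admin_orgs=frozenset({"org1"}))

if __name__ == "__main__":
    for who, r in [("anonymous", ANON), ("alice", ALICE), ("bob", BOB),
                   ("teacher", TEACHER), ("admin", ADMIN)]:
        print(who, serve_submission(ALICE_PATH, r, REGISTRY)[0])
```

Wired into the real handler, serve_submission would be followed by streaming stored_path; the stored path must come from the record, never from the request, so the same route cannot be turned into a path-traversal primitive once the authorization gap is closed.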