CVE-2025-56747
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-10-21

Assigner: MITRE

Description
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-14
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-56747
EUVD
EUVD-2025-34223
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
creativeitem academy_lms to 5.13 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a privilege escalation flaw in Creativeitem Academy LMS up to version 5.13. It occurs in the Api_instructor controller, where regular authenticated users can access instructor-only functions because the system fails to properly check if a user has the instructor role. Although JWT tokens are validated for authentication, the system does not verify the 'is_instructor=1' flag in the user's record, allowing unauthorized users to perform instructor-level actions such as creating and managing courses. [1]

Impact Analysis

The vulnerability allows unauthorized users to create unlimited courses, modify existing course content, access sensitive instructor data and analytics, change instructor passwords and profiles, manipulate course pricing and availability, and bypass the platform's business model. This can lead to financial losses, exposure of sensitive data, compromise of the platform's integrity, damage to reputation, and loss of user trust. [1]

Detection Guidance

This vulnerability can be detected by monitoring API requests to the vulnerable endpoints that should be restricted to instructors only. You can look for authenticated users accessing instructor-only API endpoints such as GET /lms/api_instructor/userdata, POST /lms/api_instructor/add_course, or POST /lms/api_instructor/change_password without having the instructor role. Commands to detect this could include capturing and inspecting HTTP requests with tools like curl or using network monitoring tools to identify unauthorized access patterns. For example, using curl to test access with a regular user's JWT token: curl -H "Authorization: Bearer <user_jwt_token>" https://your-lms-domain/lms/api_instructor/add_course If the request succeeds without proper role validation, the vulnerability is present. [1]

Mitigation Strategies

Immediate mitigation steps include adding role validation checks in the Api_instructor controller to verify both JWT token validity and the 'is_instructor' flag before granting access to instructor-only functions. If the user is not an instructor, the system should respond with HTTP 403 Forbidden and an appropriate error message. Additionally, implement consistent role-based access control using middleware, validate permissions at the database level, handle authorization errors properly, and add audit logging for privilege escalation attempts. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56747. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart