LearnHouse
CVE-2025-12268
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
LearnHouse allows authenticated remote users to upload arbitrary files via unrestricted manipulation of the thumbnail parameter in the Course Thumbnail Handler endpoint (/api/v1/courses/), enabling potential malicious file storage and execution. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code disclosed despite vendor non-response to early notification. While CVSS is low (2.1) and EPSS exploitation probability is minimal (0.06%), the presence of public exploits and authentication-only barrier warrants prioritization in environments where account compromise or insider risk is elevated.
Technical ContextAI
LearnHouse uses a rolling release model without versioned releases, making traditional version tracking impossible. The vulnerability exists in the Course Thumbnail Handler component, specifically the /api/v1/courses/ API endpoint, where the thumbnail parameter fails to validate file type, size, or content. This is a classic unrestricted file upload vulnerability (CWE-284: Improper Access Control) requiring authentication (CVSS PR:L). The attack surface is the HTTP API layer handling course metadata operations. The CPE cpe:2.3:a:learnhouse:learnhouse:*:*:*:*:*:*:*:* indicates all versions are potentially affected, with the commit hash serving as the known-affected baseline rather than a traditional version number.
RemediationAI
No vendor-released patch is available at time of analysis due to vendor non-response and rolling release model. Organizations must upgrade to a commit after 98dfad76aad70711a8113f6c1fdabfccf10509ca if the upstream project issues a fix, or implement compensating controls immediately. Primary mitigation: restrict API access to the /api/v1/courses/ endpoint via network-level controls (WAF, reverse proxy, firewall rules) to limit exposure to trusted internal networks only, accepting the trade-off of reducing course thumbnail management to internal-only operations. Secondary mitigation: implement strict file type validation and size limits at the application layer if source code access is available (fork and patch the vulnerable endpoint). Tertiary mitigation: enforce strong authentication and audit logging for all course API operations to detect and block suspicious file uploads. Monitor the upstream LearnHouse repository on GitHub for security advisories, as vendor communication remains unresponsive. For critical deployments, consider switching to a vendor-supported learning platform with active security patch cycles.
More in Learnhouse
View allLearnHouse allows authenticated remote attackers to access unauthorized student assignment files through improper contro
Information disclosure in LearnHouse Image Handler component allows authenticated remote attackers to access sensitive d
Stored cross-site scripting (XSS) in LearnHouse Account Setting Page allows authenticated users to inject malicious scri
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today