LearnHouse
CVE-2025-12270
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
LearnHouse allows authenticated remote attackers to access unauthorized student assignment files through improper control of resource identifiers in the Student Assignment Submission Handler API endpoint, enabling information disclosure of sensitive academic materials. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code disclosed. EPSS exploitation probability is 0.04% (13th percentile), indicating low real-world exploitation likelihood despite public POC availability.
Technical ContextAI
The vulnerability exists in the RESTful API endpoint /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file, which handles student assignment file submissions. The root cause is CWE-99 (Improper Control of Resource Identifiers), a class of authorization bypass flaws where the application fails to properly validate or restrict access to resources based on user identity or role. In this case, the API likely accepts user-controlled assignment_id and task_id parameters without verifying the authenticated user has permission to access those specific resources, allowing students or other users to enumerate and retrieve files belonging to other students' assignments through parameter manipulation.
RemediationAI
Apply the upstream fix by deploying the latest commit from the LearnHouse repository after commit 98dfad76aad70711a8113f6c1fdabfccf10509ca. Since the vendor uses continuous delivery with rolling releases rather than traditional version releases, administrators should pull the latest code from the main branch and redeploy. The patch must implement proper access control validation in the /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file endpoint to verify the authenticated user owns or has explicit permission to access the requested assignment and task resources before serving files. Until patched, implement compensating controls: (1) enable API request logging and monitoring for repeated or invalid assignment_id/task_id parameter combinations to detect enumeration attempts, (2) restrict the endpoint to HTTPS-only with TLS 1.2+ to prevent credential interception, (3) implement rate limiting (e.g., 10 requests per minute per user) on the /api/v1/assignments endpoint to slow enumeration attacks, and (4) conduct an access control audit of all API endpoints in the Student Assignment Submission Handler component to identify similar CWE-99 instances. Trade-off: rate limiting may impact legitimate bulk download workflows; configure whitelist exceptions for known administrative tasks. For reference, see VulDB CID 329942 (https://vuldb.com/?ctiid.329942).
More in Learnhouse
View allLearnHouse allows authenticated remote users to upload arbitrary files via unrestricted manipulation of the thumbnail pa
Information disclosure in LearnHouse Image Handler component allows authenticated remote attackers to access sensitive d
Stored cross-site scripting (XSS) in LearnHouse Account Setting Page allows authenticated users to inject malicious scri
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today