How to fix CVE-2025-70146?

Within 24 hours: Isolate affected systems from production environments or disable public access to the Time Table Generator application; identify all instances running version 1.0 across your infrastructure. Within 7 days: Implement network-level access controls (IP whitelisting, VPN-only access) and deploy WAF rules to block unauthenticated requests to critical endpoints; conduct audit logs for unauthorized access attempts. Within 30 days: Evaluate alternative scheduling solutions or contact vendor for patched release timeline; plan migration strategy if patch availability remains uncertain.

Is Online Time Table Generator affected by CVE-2025-70146?

A critical authentication bypass vulnerability in Online Time Table Generator v1.0 allows unauthorized users to access and manipulate sensitive scheduling functions without credentials.

CVE-2025-70146

CRITICAL

2026-02-18 [email protected]

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 20, 2026 - 20:07 vuln.today

Public exploit code

CVE Published

Feb 18, 2026 - 17:21 nvd

CRITICAL 9.1

Description

Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.

Analysis

Missing authentication on multiple admin action scripts in ProjectWorlds Online Time Table Generator allows unauthenticated users to perform administrative operations. PoC available.

Technical Context

CWE-306 missing authentication on administrative scripts under /admin/ directory.

Affected Products

['ProjectWorlds Online Time Table Generator']

Remediation

Implement authentication middleware for all /admin/ endpoints.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +46

POC: +20

CVE-2025-70146 vulnerability details – vuln.today

Back

CVE-2025-70146

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70146

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code