Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionGitHub Advisory
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue.
AnalysisAI
OpenLearn forum software with safeMode enabled allows unauthenticated attackers to bypass post approval restrictions and read unpublished content directly via post UUID, bypassing the public forum list filtering. The vulnerability affects all versions prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab and is remotely exploitable without authentication or user interaction. A vendor patch is available.
Technical ContextAI
OpenLearn implements a safeMode feature intended to hide unapproved forum posts from public enumeration by filtering them from the forum post list. However, the application's direct post-read procedure does not enforce the same approval status checks, allowing an attacker who knows or enumerates a post UUID to retrieve the full unpublished post content regardless of approval state. This is a classic authorization bypass vulnerability (CWE-284: Improper Access Control) where the access control policy is incompletely enforced across different API endpoints. The vulnerability exists in the post retrieval logic which fails to validate safeMode approval state when serving content via direct UUID lookups rather than list queries.
RemediationAI
Update OpenLearn to a version incorporating commit 844b2a40a69d0c4911580fe501923f0b391313ab or later. The patch is available at https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab. If immediate patching is not possible, implement access control enforcement at the application level by adding safeMode approval status validation to the direct post-read endpoint, ensuring unapproved posts return authorization errors rather than full content. Additionally, implement rate limiting on post UUID enumeration attempts and consider logging UUID lookups for audit purposes. Deployments relying on safeMode for compliance should prioritize this patch to prevent unauthorized access to moderation-pending content.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25164