PT-2025-51780 · Open Edx
Published 2025-12-16 · Updated 2025-12-17 · CVE-2025-68270
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Open edX versions prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060
Description
The Open edX Platform contains an authorization issue: users holding CourseLimitedStaffRole with the permission granted at the organization level, rather than the course level, can access and modify courses in Studio. These users can also list the courses for which they hold the role in Studio, even though the role is not intended to grant that access. This allows unauthorized access to, and potential modification of, course content.
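As an added illustration of the authorization gap described above (not edx-platform code), the following simplified Python model contrasts a check that honours an org-wide grant of a course-limited role with one that requires a course-scoped grant, and shows how a deployment could audit stored grants for the weak condition. The grant fields (user, org, course_id, role), the role name "limited_staff", and the sample grants are assumptions and constructed data.

```python
from dataclasses import dataclass
from typing import List, Optional

# Simplified model of a stored role grant. The field names (user, org,
# course_id, role) and the "limited_staff" role name are assumptions about
# how the platform stores roles; this is illustrative code, not edx-platform's.
@dataclass(frozen=True)
class RoleGrant:
    user: str
    role: str
    org: str
    course_id: Optional[str] = None  # None: the grant is scoped to the whole org

LIMITED_STAFF = "limited_staff"        # assumed name of CourseLimitedStaffRole
COURSE_SCOPED_ROLES = {LIMITED_STAFF}  # roles that only make sense per course

def org_of(course_id: str) -> str:
    """Extract the org segment from a key like 'course-v1:Org+Number+Run'."""
    return course_id.split(":", 1)[1].split("+", 1)[0]

def has_access_vulnerable(grants: List[RoleGrant], user: str,
                          course_id: str, role: str) -> bool:
    """Weak check: an org-wide row satisfies any role, even course-limited ones."""
    return any(g.user == user and g.role == role and g.org == org_of(course_id)
               and (g.course_id is None or g.course_id == course_id)
               for g in grants)

def has_access_fixed(grants: List[RoleGrant], user: str,
                     course_id: str, role: str) -> bool:
    """Hardened check: course-scoped roles need a row naming this exact course."""
    for g in grants:
        if g.user != user or g.role != role or g.org != org_of(course_id):
            continue
        if g.course_id == course_id:
            return True
        if g.course_id is None and role not in COURSE_SCOPED_ROLES:
            return True  # org-wide rows stay valid for genuinely org-level roles
    return False

def audit_org_scoped_course_roles(grants: List[RoleGrant]) -> List[RoleGrant]:
    """Flag stored grants of course-scoped roles that carry no course id."""
    return [g for g in grants if g.role in COURSE_SCOPED_ROLES and g.course_id is None]

# Constructed sample grants, not data from any real deployment.
GRANTS = [
    RoleGrant("alice", LIMITED_STAFF, "DemoX", "course-v1:DemoX+CS101+2025"),
    RoleGrant("bob", LIMITED_STAFF, "DemoX"),  # org-level grant of a course-limited role
]
```

Running the audit against a deployment's role table before and after the upgrade shows whether any org-scoped grants of the course-limited role still need to be cleaned up, since the code fix alone does not remove existing rows.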
Recommendations
Update the Open edX Platform to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060 or a later version to resolve the issue.
Weakness Enumeration
Missing Authorization
Affected Products
Open Edx