PT-2026-7161 · Placipy · Placipy
Th3Gowham · Published 2026-02-09 · Updated 2026-02-10 · CVE-2026-25875
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PlaciPy version 1.0.0
Description
PlaciPy is a placement management system for educational institutions. The admin authorization middleware in version 1.0.0 trusts client-controlled JWT claims, specifically the role and scope, without performing server-side role verification. This could allow unauthorized access or actions.
Recommendations
Apply server-side role verification to ensure that JWT claims are validated against authorized roles and scopes.
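The recommended check, contrasted with a claims-only check, as an added example that is not PlaciPy's code. Python, HS256, the claim values, and the names SECRET, USER_ROLES, sign, verified_claims, is_admin_claims_only and is_admin_server_side are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"               # constructed, not a PlaciPy value
USER_ROLES = {"u1": "admin", "u2": "student"}  # hypothetical server-side user table

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims):
    """Issue an HS256 token; used here only to build the sample input."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(head, body))}"

def verified_claims(token):
    """Return the claims dict only if the header pins HS256 and the MAC matches."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(_mac(head, body), _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
    except (ValueError, AttributeError):
        return None
    return claims if isinstance(claims, dict) else None

def is_admin_claims_only(token):
    """Pattern the advisory describes: the decision rests on the token's role claim."""
    claims = verified_claims(token) or {}
    return claims.get("role") == "admin" or claims.get("scope") == "admin"

def is_admin_server_side(token):
    """Hardened check: the token only identifies the user; the role is server state."""
    claims = verified_claims(token)
    sub = claims.get("sub") if claims else None
    return isinstance(sub, str) and USER_ROLES.get(sub) == "admin"

if __name__ == "__main__":
    stale = sign({"sub": "u2", "role": "admin", "scope": "admin"})  # constructed token
    print(is_admin_claims_only(stale), is_admin_server_side(stale))
```

With the server-side lookup, a role or scope value carried in the token has no effect on the decision, so a demotion in the user table takes effect on the next request.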
Exploit
Fix
LPE
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Placipy