CVE-2026-25753

EPSS 0.36%
Veröffentlicht 06.02.2026 19:16:10
Zuletzt bearbeitet 11.02.2026 19:03:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prasklatechnology ≫ Placipy Version1.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.273

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-6537-cf56-j9w2

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-25753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25753

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25753