Vulnerabilities > CVE-2025-25616 - Unspecified vulnerability in Changeweb Unifiedtransform 2.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

changeweb

NVD

Published: 2025-03-10

Updated: 2025-03-13

Summary

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.

Vulnerable Configurations

Part	Description	Count
Application	Changeweb Changeweb Unifiedtransform 2.0	1

References

https://github.com/armaansidana2003/CVE-2025-25616
https://github.com/changeweb/Unifiedtransform