CVE-2026-25809

9.8 CRITICAL

Published: February 09, 2026 Modified: February 11, 2026

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-cc32-rp29-w9x7

Source: security-advisories@github.com

Mitigation Vendor Advisory

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

0.1%

25th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-285

Affected Vendors

prasklatechnology

Related CVEs

CVE-2026-33179 5.5

CVE-2026-33165 5.5

CVE-2026-33164 N/A

CVE-2026-33156 7.8

CVE-2026-33155 N/A