CVE-2026-25753

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-25753
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25753.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25753
Aliases
  • GHSA-6537-cf56-j9w2
Published
2026-02-06T18:57:31.419Z
Modified
2026-04-02T13:17:20.805697Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
Details

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-259"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25753.json"
}
References

Affected packages

Git / github.com/praskla-technology/assessment-placipy

Affected ranges

Type
GIT
Repo
https://github.com/praskla-technology/assessment-placipy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
72b8f3d238f6f084c3b56f0ceef6221309686822
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        }
    ]
}

Affected versions

v1.*
v1.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25753.json"