CVE-2026-25753

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25753

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25753.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25753

Aliases

GHSA-6537-cf56-j9w2

Published

2026-02-06T18:57:31.419Z

Modified

2026-03-13T04:11:09.291293Z

Severity

9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

Details

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-259"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25753.json"
}

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.0.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25753.json"