Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Link | Tags |
---|---|
https://github.com/changeweb/Unifiedtransform | product |
https://github.com/armaansidana2003/CVE-2025-25616 | third party advisory |