关联漏洞
介绍
# CVE-2025-25617
Unifiedtransform v2.X is vulnerable to Incorrect Access Control, allowing teachers to create syllabus entries — a role intended only for administrators.
Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)
---
## PoC
**Step 1:** Log in to the application as a Teacher.
**Step 2:** Browse to the following endpoint:
/syllabus/create
**Step 3:** Fill in the required fields and click on save.
**Impact:** Teachers gaining the ability to create syllabus entries can disrupt the academic workflow, as this functionality should be restricted to administrators only. This can lead to unauthorized and potentially incorrect syllabus data being added, creating confusion and mismanagement.
---
**Vulnerability Type:** Incorrect Access Control
**Attack Type:** Remote
**Impact:** Escalation of Privileges
**Attack Vectors:** Broken Access Control allows teachers to create syllabus entries without proper authorization.
**Discoverer:** Armaan Sidana
**References:**
- [Unifiedtransform Official Site](http://unifiedtransform.com)
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)
文件快照
[4.0K] /data/pocs/95b3fe10a61832ebe3fd5f2edac69c5743a1f4c2
└── [1.2K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。