CVE-2026-25753

Summary

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Affected Software

VendorProductVersion RangeStatus
Praskla-Technologyassessment-placipy<= 1.0.0affected

Weaknesses

  • CWE-259: CWE-259: Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References