Privilege Escalation Vulnerability in Creativeitem Academy LMS by Creativeitem
CVE-2025-56747

6.5MEDIUM

Key Information:

Vendor: Creativeitem
Status: Academy LMS
Vendor: CVE Published:; 14 October 2025

🔔 Create Creativeitem Vulnerability Alert

What is CVE-2025-56747?

The Creativeitem Academy LMS software version 5.13 and earlier is impacted by a privilege escalation vulnerability located in the Api_instructor controller. This issue allows authenticated users, without proper role validation, to gain access to instructor-only functions, leading to potential unauthorized course creation and management. This flaw poses significant risks as it undermines the intended access controls necessary for maintaining the integrity of course content and instructor permissions.

References

https://suryadina.com/academy-lms-instructor-escalation-3...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Aug 17, 2025

JSON