PlaciPy has a Hard-Coded Default Password for All Student Accounts...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

AI Analysis

Hard-coded default password vulnerability in PlaciPy placement management system, allowing mass account takeover.

Basic Information

ID CVE-2026-25753

Source GitHub_M

Published Feb 6, 2026 at 18:57

Affected Product

Vendor Praskla-Technology

Product assessment-placipy

Version <= 1.0.0

Affected Versions Praskla-Technology assessment-placipy <= 1.0.0

CWE Classification

CWE-259

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Praskla-Technology

Product PlaciPy

Version 1.0.0

References

github.com /Praskla-Technology/assessment-placipy/security/advisories/GHSA-6537-cf56-j9w2

{
    "lastseen": "",
    "description": "PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.",
    "published": "2026-02-06T18:57:31.419Z",
    "modified": "2026-02-06T18:57:31.419Z",
    "type": "cve",
    "title": "PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)",
    "source": "GitHub_M",
    "references": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-6537-cf56-j9w2",
    "id": "CVE-2026-25753",
    "bulletinFamily": "",
    "cwe": [
        "CWE-259"
    ],
    "cvelist": null,
    "sourceData": "Praskla-Technology assessment-placipy <= 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "assessment-placipy",
    "version": "<= 1.0.0",
    "vendor": "Praskla-Technology",
    "ai_description": "Hard-coded default password vulnerability in PlaciPy placement management system, allowing mass account takeover.",
    "ai_severity": "Critical",
    "ai_vendor": "Praskla-Technology",
    "ai_product": "PlaciPy",
    "ai_version": "1.0.0",
    "ai_score": 9.3
}

PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)_CVE-2026-25753