PlaciPy is Missing CSRF Protection on State-Changing Endpoints_CVE-2026-25812

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.

AI Analysis

Missing CSRF protection on state-changing endpoints in PlaciPy placement management system

Basic Information

ID CVE-2026-25812

Source GitHub_M

Published Feb 9, 2026 at 21:03

Affected Product

Vendor Praskla-Technology

Product assessment-placipy

Version = 1.0.0

Affected Versions Praskla-Technology assessment-placipy = 1.0.0

CWE Classification

CWE-352

AI Assessment

AI Score 9.3 / 10

AI Severity CRITICAL

Vendor Praskla-Technology

Product PlaciPy

Version 1.0.0

References

github.com /Praskla-Technology/assessment-placipy/security/advisories/GHSA-99xx-fc63-wc39

{
    "lastseen": "",
    "description": "PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.",
    "published": "2026-02-09T21:03:36.696Z",
    "modified": "2026-02-09T21:03:36.696Z",
    "type": "cve",
    "title": "PlaciPy is Missing CSRF Protection on State-Changing Endpoints",
    "source": "GitHub_M",
    "references": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-99xx-fc63-wc39",
    "id": "CVE-2026-25812",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "Praskla-Technology assessment-placipy = 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "assessment-placipy",
    "version": "= 1.0.0",
    "vendor": "Praskla-Technology",
    "ai_description": "Missing CSRF protection on state-changing endpoints in PlaciPy placement management system",
    "ai_severity": "CRITICAL",
    "ai_vendor": "Praskla-Technology",
    "ai_product": "PlaciPy",
    "ai_version": "1.0.0",
    "ai_score": 9.3
}