CVE-2025-56747: Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor co
mediumvulnerability
security
Summary
Creativeitem Academy LMS version 5.13 and earlier has a privilege escalation vulnerability (a security flaw where users gain unauthorized higher-level permissions) in the Api_instructor controller that allows regular authenticated users to access functions meant only for instructors without proper role validation (checks that verify what a user is allowed to do). This could let unauthorized users create and manage courses.
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack SophisticationTrivial
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-56747
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 95%