{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25813", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T19:58:01.643Z", "datePublished": "2026-02-09T21:04:46.261Z", "dateUpdated": "2026-02-10T15:58:30.406Z"}, "containers": {"cna": {"title": "PlaciPy Exposes Sensitive Data via Application Logs", "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "lang": "en", "description": "CWE-532: Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3647-q595-wfr2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3647-q595-wfr2"}], "affected": [{"vendor": "Praskla-Technology", "product": "assessment-placipy", "versions": [{"version": "= 1.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-09T21:04:46.261Z"}, "descriptions": [{"lang": "en", "value": "PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction."}], "source": {"advisory": "GHSA-3647-q595-wfr2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T15:39:37.461144Z", "id": "CVE-2026-25813", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:58:30.406Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25813", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T15:39:37.461144Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:39:38.593Z"}}], "cna": {"title": "PlaciPy Exposes Sensitive Data via Application Logs", "source": {"advisory": "GHSA-3647-q595-wfr2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Praskla-Technology", "product": "assessment-placipy", "versions": [{"status": "affected", "version": "= 1.0.0"}]}], "references": [{"url": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3647-q595-wfr2", "name": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3647-q595-wfr2", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-09T21:04:46.261Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25813", "state": "PUBLISHED", "dateUpdated": "2026-02-10T15:58:30.406Z", "dateReserved": "2026-02-05T19:58:01.643Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-09T21:04:46.261Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prasklatechnology:placipy:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D45A3FA-CF6C-4A70-AF7F-696137CA9133", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction."}, {"lang": "es", "value": "PlaciPy es un sistema de gesti\u00f3n de pr\u00e1cticas dise\u00f1ado para instituciones educativas. En la versi\u00f3n 1.0.0, la aplicaci\u00f3n registra datos altamente sensibles directamente en la salida de consola sin enmascaramiento ni anonimizaci\u00f3n."}], "id": "CVE-2026-25813", "lastModified": "2026-02-18T20:10:30.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-09T22:16:02.860", "references": [{"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3647-q595-wfr2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.0.0"}}], "product": "assessment-placipy", "vendor": "praskla-technology"}], "analysis": {"en": {"generated_at": "2026-04-17T21:11:23.803647+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of PlaciPy once released by Praskla-Technology.", "If an update is unavailable, modify the application code to remove or mask sensitive data before it is logged to the console.", "Restrict permissions on the console and log files so that only authorized personnel can view them."], "summary": {"action": "Apply patch", "impact": "Sensitive data exposure via application logs"}, "threat_synthesis": {"affected_systems": "Praskla-Technology\u2019s assessment-placipy product, Version 1.0.0, is impacted by this flaw.", "description_and_impact": "The vulnerability in Version 1.0.0 of the PlaciPy placement management system causes the application to write highly sensitive data directly to console output without any masking or redaction. This results in the accidental disclosure of confidential information to anyone with access to the logs, allowing an attacker to read personal or institutional data that should remain private.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.7, reflecting a high severity level. The Current Exploit Prediction Scoring System (EPSS) score is below 1%, indicating a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector could involve local access to the application console or remote exploitation of another vulnerability that grants read access to console output; however, explicit details are not provided in the advisory."}}}}, "created": "2026-02-10T11:35:07.913245+00:00", "updated": "2026-04-17T21:15:27.385543+00:00", "vendors": ["praskla-technology", "praskla-technology$PRODUCT$assessment-placipy"]}