CVE 2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
See the 
CVE page on Mitre.org
for more details.
