Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-9109

Source VulDB

Published Aug 18, 2025 at 06:02

Affected Product

Vendor Portabilis

Product i-Diario

Version 1.0

Affected Versions Portabilis i-Diario 1.0
Portabilis i-Diario 1.1
Portabilis i-Diario 1.2
Portabilis i-Diario 1.3
Portabilis i-Diario 1.4
Portabilis i-Diario 1.5.0

CWE Classification

CWE-204 CWE-203

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.",
    "published": "2025-08-18T06:02:06.571Z",
    "modified": "2025-08-18T06:02:06.571Z",
    "type": "cve",
    "title": "Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320431\nhttps://vuldb.com/?ctiid.320431\nhttps://vuldb.com/?submit.627926",
    "id": "CVE-2025-9109",
    "bulletinFamily": "",
    "cwe": [
        "CWE-204",
        "CWE-203"
    ],
    "cvelist": null,
    "sourceData": "Portabilis i-Diario 1.0\nPortabilis i-Diario 1.1\nPortabilis i-Diario 1.2\nPortabilis i-Diario 1.3\nPortabilis i-Diario 1.4\nPortabilis i-Diario 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i-Diario",
    "version": "1.0",
    "vendor": "Portabilis",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy_CVE-2025-9109