Portabilis i-Educar Matricula API aluno improper authorization_CVE-2025-9760

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/aluno of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-9760

Source VulDB

Published Sep 1, 2025 at 04:02

Affected Product

Vendor Portabilis

Product i-Educar

Version 2.0

Affected Versions Portabilis i-Educar 2.0
Portabilis i-Educar 2.1
Portabilis i-Educar 2.2
Portabilis i-Educar 2.3
Portabilis i-Educar 2.4
Portabilis i-Educar 2.5
Portabilis i-Educar 2.6
Portabilis i-Educar 2.7
Portabilis i-Educar 2.8
Portabilis i-Educar 2.9
Portabilis i-Educar 2.10

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/aluno of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-09-01T04:02:06.278Z",
    "modified": "2025-09-01T04:02:06.278Z",
    "type": "cve",
    "title": "Portabilis i-Educar Matricula API aluno improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322061\nhttps://vuldb.com/?ctiid.322061\nhttps://vuldb.com/?submit.640690\nhttps://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9760.md\nhttps://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Function%20Level%20Authorization%20on%20%60matricula%60%20API%20allows%20deletion%20of%20%E2%80%9Cabandono%E2%80%9D%20status.md#proof-of-concept-poc",
    "id": "CVE-2025-9760",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Portabilis i-Educar 2.0\nPortabilis i-Educar 2.1\nPortabilis i-Educar 2.2\nPortabilis i-Educar 2.3\nPortabilis i-Educar 2.4\nPortabilis i-Educar 2.5\nPortabilis i-Educar 2.6\nPortabilis i-Educar 2.7\nPortabilis i-Educar 2.8\nPortabilis i-Educar 2.9\nPortabilis i-Educar 2.10",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i-Educar",
    "version": "2.0",
    "vendor": "Portabilis",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}