Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions_CVE-2025-11554

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2025-11554

Source VulDB

Published Oct 9, 2025 at 20:02

Affected Product

Vendor Portabilis

Product i-Educar

Version 2.9.0

Affected Versions Portabilis i-Educar 2.9.0
Portabilis i-Educar 2.9.1
Portabilis i-Educar 2.9.2
Portabilis i-Educar 2.9.3
Portabilis i-Educar 2.9.4
Portabilis i-Educar 2.9.5
Portabilis i-Educar 2.9.6
Portabilis i-Educar 2.9.7
Portabilis i-Educar 2.9.8
Portabilis i-Educar 2.9.9
Portabilis i-Educar 2.9.10

CWE Classification

CWE-277 CWE-266

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-10-09T20:02:06.510Z",
    "modified": "2025-10-09T20:02:06.510Z",
    "type": "cve",
    "title": "Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327714\nhttps://vuldb.com/?ctiid.327714\nhttps://vuldb.com/?submit.671072\nhttps://docs.google.com/document/d/1yGubpU9I6JnkKsrdNRP6bUCeQv3ZDcknXAHOzFZBkGQ/",
    "id": "CVE-2025-11554",
    "bulletinFamily": "",
    "cwe": [
        "CWE-277",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Portabilis i-Educar 2.9.0\nPortabilis i-Educar 2.9.1\nPortabilis i-Educar 2.9.2\nPortabilis i-Educar 2.9.3\nPortabilis i-Educar 2.9.4\nPortabilis i-Educar 2.9.5\nPortabilis i-Educar 2.9.6\nPortabilis i-Educar 2.9.7\nPortabilis i-Educar 2.9.8\nPortabilis i-Educar 2.9.9\nPortabilis i-Educar 2.9.10",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i-Educar",
    "version": "2.9.0",
    "vendor": "Portabilis",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}