PT-2025-36418 · Unknown · Portabilis I-Educar

Marceloqz

Publicado

2025-09-07

Atualizado

2025-09-09

CVE-2025-10071

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10

Description A vulnerability exists in Portabilis i-Educar that allows for improper access controls. This issue affects unknown code within the /cancelar-enturmacao-em-lote/ API endpoint and can be exploited remotely. The exploit for this issue has been publicly disclosed.

Recommendations Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the /cancelar-enturmacao-em-lote/ API endpoint to minimize the risk of exploitation.

Exploit

Correção

Incorrect Privilege Assignment

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-284

Identificadores relacionados

CVE-2025-10071

Produtos afetados

Portabilis I-Educar

PT-2025-36418 · Unknown · Portabilis I-Educar

CVE-2025-10071

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12