CVE-2025-8790

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9.0

Description: A critical issue exists in Portabilis i-Educar related to improper authorization. The vulnerability is located in the API Endpoint component, specifically within the /module/Api/pessoa file. Manipulation of the ID argument can lead to unauthorized access. The exploit is publicly available and can be initiated remotely. The vendor was informed of this issue but did not provide a response.

Recommendations: Versions prior to 2.9.0: Address improper authorization by validating the ID argument in the /module/Api/pessoa API Endpoint.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-266

Related Identifiers

CVE-2025-8790

Affected Products

Portabilis I-Educar

CVE-2025-8790

Weakness Enumeration

Related Identifiers

Affected Products

References · 10