Improper Access Controls in Portabilis i-Educar Software
CVE-2025-10071

5.3MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
7 September 2025

What is CVE-2025-10071?

A vulnerability has been identified in Portabilis i-Educar versions up to 2.10, affecting the code associated with the /cancelar-enturmacao-em-lote/ endpoint. This weakness enables improper access controls, potentially allowing unauthorized users to exploit the system remotely. The issue highlights the need for stringent access control measures to prevent unauthorized actions and ensure system integrity.

Affected Version(s)

i-Educar 2.0

i-Educar 2.1

i-Educar 2.2

References

https://vuldb.com/?id.323019
vdb-entry
https://vuldb.com/?ctiid.323019
signaturepermissions-required
https://vuldb.com/?submit.644134
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
.
CVE-2025-10071 : Improper Access Controls in Portabilis i-Educar Software