Information Disclosure Vulnerability in Portabilis i-Educar
CVE-2025-10607

5.3MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
17 September 2025

What is CVE-2025-10607?

A vulnerability has been identified in Portabilis i-Educar versions up to 2.10 that allows attackers to exploit an unknown function within the /module/Avaliacao/diarioApi. This flaw can potentially lead to unauthorized access to sensitive information. The attack can be executed remotely, posing a significant risk, especially given that the exploit has been publicly disclosed. It is crucial for users of the affected product to implement immediate security measures to mitigate the risk of data exposure.

Affected Version(s)

i-Educar 2.0

i-Educar 2.1

i-Educar 2.2

References

https://vuldb.com/?id.324627
vdb-entry
https://vuldb.com/?ctiid.324627
signaturepermissions-required
https://vuldb.com/?submit.649875
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
.