Access Control Vulnerability in Portabilis i-Educar Web Application
CVE-2025-10608
5.3MEDIUM
What is CVE-2025-10608?
A vulnerability in the Portabilis i-Educar application up to version 2.10 allows for improper access controls via the '/enrollment-history/' function. This flaw enables unauthorized users to manipulate data and access sensitive information remotely, risking the integrity of the application's security. The exploit has been made public, increasing the urgency for users to address this issue.
Affected Version(s)
i-Educar 2.0
i-Educar 2.1
i-Educar 2.2
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
marceloQz (VulDB User)
marceloQz (VulDB User)