Improper Authorization in Portabilis i-Educar Software
CVE-2025-11048

5.3MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
26 September 2025

What is CVE-2025-11048?

A security vulnerability has been identified in Portabilis i-Educar, specifically affecting versions up to 2.10. This vulnerability resides in the /consulta-dispensas endpoint, where it allows an attacker to exploit improper authorization mechanisms. Unauthorized users can manipulate requests remotely, leading to the potential for unauthorized access and exploitation. This issue has been publicly disclosed, raising concerns regarding the security posture of applications that rely on this software.

Affected Version(s)

i-Educar 2.0

i-Educar 2.1

i-Educar 2.2

References

https://vuldb.com/?id.326085
vdb-entry
https://vuldb.com/?ctiid.326085
signaturepermissions-required
https://vuldb.com/?submit.659202
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
JSON
.
CVE-2025-11048 : Improper Authorization in Portabilis i-Educar Software