Improper Authorization Vulnerability in Portabilis i-Educar API Endpoint
CVE-2025-8790
Key Information:
- Vendor
Portabilis
- Status
- Vendor
- CVE Published:
- 10 August 2025
Badges
What is CVE-2025-8790?
A serious improper authorization vulnerability exists in Portabilis i-Educar versions prior to 2.9.0, specifically in the API Endpoint component. The flaw occurs in the unspecified code of the '/module/Api/pessoa' file, where manipulation of the ID argument can allow unauthorized access to sensitive functionalities. This vulnerability can be exploited remotely, leading to potential exposure and exploitation of private personal information. Despite notifications sent to the vendor about this issue, no response or resolution has been documented, highlighting the urgency for users to be aware of this risk and take necessary precautions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
i-Educar 2.0
i-Educar 2.1
i-Educar 2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved