Security Flaw in Portabilis i-Diario Password Recovery Functionality
CVE-2025-9109

6.3MEDIUM

Key Information:

Vendor: Portabilis
Status: I-diario
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-9109?

An operational flaw has been identified in the Password Recovery Endpoint of Portabilis i-Diario that permits remote attackers to exploit observable discrepancies in responses. The vulnerability arises from the erroneous handling of requests at the /password/email endpoint, potentially allowing unauthorized manipulation. Although the complexity level for exploiting this attack is considered high, publicly available exploits indicate that it remains a notable risk for users of i-Diario versions up to 1.5.0.