SQL Injection Vulnerability in Portabilis i-Educar Software
CVE-2025-9608

5.3MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
29 August 2025

What is CVE-2025-9608?

A SQL injection vulnerability has been identified in the Portabilis i-Educar software up to version 2.10, specifically within the Formula de Cálculo de Média page. The weakness lies in the manipulation of the argument ID, allowing attackers to execute unauthorized SQL queries. This flaw facilitates remote exploitation, which could lead to potential data breaches and unauthorized access. The vulnerability has been publicly disclosed, emphasizing the need for immediate attention and remediation to safeguard sensitive data from malicious actors.

Affected Version(s)

i-Educar 2.0

i-Educar 2.1

i-Educar 2.2

References

https://vuldb.com/?id.321786
vdb-entrytechnical-description
https://vuldb.com/?ctiid.321786
signaturepermissions-required
https://vuldb.com/?submit.636579
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
.
CVE-2025-9608 : SQL Injection Vulnerability in Portabilis i-Educar Software