CVE-2025-11048 MEDIUM

CVE-2025-11048: Portabilis i-Educar consulta-dispensas improper authorization

Vendor Portabilis
Product i-Educar
Weakness CWE-285
Published September 26, 2025
Last update September 29, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

September 26, 2025 CVE published
September 29, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9082 SourceCodester Online Eyewear Shop User Creation Users.php improper authorization CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions CVE-2021-24192 Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User CVE-2024-11860 SourceCodester Best House Rental Management System POST Request ajax.php improper authorization CVE-2026-6977 vanna-ai vanna Legacy Flask API improper authorization