CVE-2025-9532 MEDIUM

CVE-2025-9532: Portabilis i-Educar view sql injection

Vendor Portabilis

Product i-Educar

Weakness CWE-89 · SQLi

Published August 27, 2025

Last update August 28, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 27, 2025 CVE published

August 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9532 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2025-9532

CWE CWE-89

CVSS 5.3 / MEDIUM

Affected versions

Vendor Portabilis

Product i-Educar

Affected 2.0

Vendor Portabilis

Product i-Educar

Affected 2.1

Vendor Portabilis

Product i-Educar

Affected 2.2

Vendor Portabilis

Product i-Educar

Affected 2.3

Vendor Portabilis

Product i-Educar

Affected 2.4

Vendor Portabilis

Product i-Educar

Affected 2.5

Vendor Portabilis

Product i-Educar

Affected 2.6

Vendor Portabilis

Product i-Educar

Affected 2.7

Vendor Portabilis

Product i-Educar

Affected 2.8

Vendor Portabilis

Product i-Educar

Affected 2.9

Vendor Portabilis

Product i-Educar

Affected 2.10

CVE-2025-9532: Portabilis i-Educar view sql injection

01Description

02Disclosure timeline

03References

04Related CVE