CVE-2025-8789
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | up to and including 2.9.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8789 is an authorization vulnerability in Portabilis i-Educar up to version 2.9.0, specifically in the API endpoint /module/Api/Diario. It allows unauthorized users, even those without any permissions, to bypass authorization checks and modify sensitive data such as student grades. This happens because the API endpoint does not properly validate user roles or permissions before allowing actions, enabling attackers to manipulate academic records remotely. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized tampering with academic records, such as modifying student grades without permission. This compromises data integrity within educational institutions using Portabilis i-Educar, potentially causing legal issues, reputational damage, and loss of trust. Since the exploit is publicly available and can be executed remotely with ease, affected organizations face a significant risk of data manipulation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring requests to the API endpoint `/module/Api/Diario` for unauthorized grade modification attempts. Since the exploit involves sending unauthorized POST requests with grade data using session cookies, network or application logs should be inspected for unusual or unauthorized access patterns to this endpoint. Specific commands depend on your environment, but for example, using curl to test unauthorized access could be: `curl -X POST -b 'session_cookie=...' https://yourserver/module/Api/Diario -d '{"grade": "value"}'` to see if unauthorized grade changes are accepted. Additionally, inspecting web server logs or API gateway logs for POST requests to `/module/Api/Diario` from users without proper privileges can help detect exploitation attempts. [1, 2]
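The log review described above, as an added example that is not from BaseFortify, VulDB or the i-Educar project: it parses Apache/nginx combined-format access logs, isolates POSTs to `/module/Api/Diario`, and reports per source IP how many were accepted (2xx) and whether they arrived in a burst. The log layout, the burst thresholds and the sample lines are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime
# Apache/nginx "combined" access-log layout (assumed; adapt the regex to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TARGET = "/module/Api/Diario"  # endpoint named in the CVE text
WINDOW_S, BURST = 60, 3        # assumed thresholds: 3 POSTs from one IP within 60 s

def parse(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    d["path"] = d["path"].split("?", 1)[0]  # drop the query string before matching
    d["status"] = int(d["status"])
    return d

def find_suspicious(lines):
    """Group POSTs to the Diario endpoint by client IP; report how many the server
    accepted (2xx) and whether any BURST of them fell inside WINDOW_S seconds."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec["method"] == "POST" and rec["path"] == TARGET:
            posts[rec["ip"]].append((rec["ts"], rec["status"]))
    report = {}
    for ip, events in posts.items():
        events.sort()
        times = [t for t, _ in events]
        burst = any((times[i + BURST - 1] - times[i]).total_seconds() <= WINDOW_S
                    for i in range(len(times) - BURST + 1))
        accepted = sum(1 for _, s in events if 200 <= s < 300)
        report[ip] = {"posts": len(events), "accepted": accepted, "burst": burst}
    return report

# Constructed sample lines for a dry run (not real traffic).
SAMPLE = """\
203.0.113.7 - - [10/Aug/2025:14:02:01 +0000] "POST /module/Api/Diario?page=1 HTTP/1.1" 200 118 "-" "curl/8.4.0"
203.0.113.7 - - [10/Aug/2025:14:02:09 +0000] "POST /module/Api/Diario HTTP/1.1" 200 118 "-" "curl/8.4.0"
203.0.113.7 - - [10/Aug/2025:14:02:20 +0000] "POST /module/Api/Diario HTTP/1.1" 200 118 "-" "curl/8.4.0"
198.51.100.4 - - [10/Aug/2025:14:05:33 +0000] "GET /module/Api/Diario HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Aug/2025:14:06:10 +0000] "POST /module/Api/Diario HTTP/1.1" 403 52 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Aug/2025:15:00:00 +0000] "POST /module/Api/Diario HTTP/1.1" 200 118 "-" "Mozilla/5.0"
""".splitlines()
```

Feed real log lines to `find_suspicious` and join the result against the application's own session or user records to confirm whether the accepting requests came from accounts that should hold grade-editing rights.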
What immediate steps should I take to mitigate this vulnerability?
Currently, no official patches or vendor mitigations are available for this vulnerability. Immediate steps include restricting access to the vulnerable API endpoint `/module/Api/Diario` by implementing network-level controls such as firewall rules or API gateway policies to limit access only to trusted users or IP addresses. Consider disabling or restricting the affected API endpoint if possible. Monitoring and alerting on suspicious activity targeting this endpoint is also recommended. As a longer-term measure, consider migrating to alternative products or versions not affected by this issue until an official fix is released. [2]