CVE-2025-9609
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | up to 2.10 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9609 is a Broken Access Control vulnerability in Portabilis i-Educar up to version 2.10, specifically in the /educacenso/consulta endpoint. Although authentication is required, the application fails to enforce proper role-based access control, allowing authenticated users without the necessary Educacenso role to access restricted functionalities and sensitive educational census data. This improper authorization lets unauthorized users perform GET requests to retrieve sensitive data they should not access. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive educational data, potential privilege escalation, and possible data manipulation if write operations are accessible. It compromises confidentiality, integrity, and availability of the system. Since the exploit is publicly available and can be executed remotely without physical access, it poses a significant security risk. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability results in unauthorized access to sensitive data, which can lead to breaches of confidentiality and data integrity. Such breaches may violate compliance requirements under regulations like GDPR and HIPAA that mandate strict controls over personal and sensitive data access and protection. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the /educacenso/consulta endpoint with an authenticated user session that lacks the Educacenso role. If the server responds with HTTP 200 instead of HTTP 403 Forbidden, the authorization check is missing. A simple detection command using curl could be: `curl -i -b "session_cookie" https://target/educacenso/consulta -X GET`. Monitoring web server logs for GET requests to /educacenso/consulta from accounts that do not hold the Educacenso role may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /educacenso/consulta endpoint to only users with the proper Educacenso role by implementing proper role-based access control (RBAC). Since no known countermeasures or patches are currently available, it is recommended to replace the affected Portabilis i-Educar versions (up to 2.10) with a secure alternative or wait for an official patch. Additionally, monitor and block suspicious requests targeting this endpoint and review user privileges to minimize risk. [2]
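An added example, not code from i-Educar or from BaseFortify, contrasting the authentication-only check this CVE describes with a per-route role check, and scanning constructed access-log lines for successful requests to /educacenso/consulta by users who lack the Educacenso role. The route policy table, the user-to-role mapping and the log lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

EDUCACENSO_ROLE = "Educacenso"  # role the page says the endpoint should require
# Route -> roles allowed to reach it (constructed policy table, not i-Educar's).
ROUTE_POLICY = {"/educacenso/consulta": {EDUCACENSO_ROLE}}


@dataclass(frozen=True)
class Session:
    user: Optional[str] = None          # None: no authenticated user
    roles: frozenset = frozenset()


def authorize_auth_only(session: Session, path: str) -> int:
    """Vulnerable pattern (CWE-285): any logged-in user passes, role ignored."""
    return 401 if session.user is None else 200


def authorize_rbac(session: Session, path: str) -> int:
    """Hardened pattern: authenticate, then require a role listed for the route."""
    if session.user is None:
        return 401
    required = ROUTE_POLICY.get(path)
    if required is None:
        return 404                      # unknown route: deny by default
    return 200 if session.roles & required else 403


# Combined-log-format line; the authenticated user sits in the third field.
LOG_LINE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_accesses(log_lines, user_roles):
    """Return (user, path) for 200 responses on a policed route by users lacking its role."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        required = ROUTE_POLICY.get(m["path"])
        if required is None or m["status"] != "200":
            continue
        if not (user_roles.get(m["user"], frozenset()) & required):
            hits.append((m["user"], m["path"]))
    return hits


# Constructed sample data: alice holds the role, bob does not, "-" is unauthenticated.
SAMPLE_ROLES = {"alice": frozenset({EDUCACENSO_ROLE}), "bob": frozenset({"Teacher"})}
SAMPLE_LOG = [
    '10.0.0.5 - alice [29/Aug/2025:10:00:00 +0000] "GET /educacenso/consulta HTTP/1.1" 200 5120',
    '10.0.0.7 - bob [29/Aug/2025:10:01:00 +0000] "GET /educacenso/consulta HTTP/1.1" 200 5120',
    '10.0.0.7 - bob [29/Aug/2025:10:02:00 +0000] "GET /login HTTP/1.1" 200 311',
    '10.0.0.9 - - [29/Aug/2025:10:03:00 +0000] "GET /educacenso/consulta HTTP/1.1" 302 0',
]
```

Running `suspicious_accesses(SAMPLE_LOG, SAMPLE_ROLES)` flags only bob's successful request, which is the pattern the detection advice above asks you to look for.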