CVE-2025-10013
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10013 is a Broken Access Control vulnerability in Portabilis i-Educar up to version 2.10, specifically affecting the POST /exportacao-para-o-seb endpoint. Although authentication is required, the application fails to properly verify user permissions, allowing low-privileged users to bypass authorization checks and access restricted functionality remotely by sending crafted POST requests. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to restricted features, potentially causing privilege escalation, exposure of sensitive educational data, and compromise of the confidentiality, integrity, and availability of records. It may also result in reputational damage to the affected organization. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious POST requests to the endpoint `/exportacao-para-o-seb`. Specifically, look for POST requests with parameters such as `ano=2025&ref_cod_instituicao=1&ref_cod_escola=4` coming from low-privileged users. Network monitoring tools or web server logs can be used to identify such requests. For example, using command-line tools like `grep` on web server logs: `grep 'POST /exportacao-para-o-seb' /var/log/apache2/access.log` or using network traffic analysis tools like `tcpdump` or `Wireshark` to filter HTTP POST requests to that endpoint. Additionally, checking application logs for unexpected access to this endpoint by low-privileged users can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint `/exportacao-para-o-seb` by implementing proper access controls and permission checks to ensure only authorized users can access it. If possible, disable or block the endpoint temporarily until a patch or fix is applied. Monitoring and alerting on suspicious POST requests to this endpoint should be enabled. Since no known countermeasures or mitigations have been identified, it is recommended to replace the affected component (Portabilis i-Educar versions up to 2.10) with an alternative product or update to a fixed version once available. [2]