CVE-2025-11050
BaseFortify
Publication date: 2025-09-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in Portabilis i-Educar up to version 2.10, specifically affecting an unknown part of the file /periodo-lancamento. It allows an attacker to perform manipulations that lead to improper authorization, meaning unauthorized actions can be executed. The attack can be carried out remotely, and an exploit for this vulnerability has been published.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users to perform actions they should not be permitted to do within the Portabilis i-Educar system. This can lead to potential data breaches, unauthorized data modification, or other security issues due to improper authorization. Since the attack can be executed remotely, it increases the risk of exploitation without physical access.