CVE-2025-9760
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9760
EUVD
EUVD-2025-28888
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
portabilis i-educar to 2.10.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9760 is an improper authorization vulnerability in Portabilis i-Educar up to version 2.10, specifically in the Matricula API component at the /module/Api/aluno endpoint. It allows unauthorized or low-privileged users to manipulate sensitive student enrollment data, such as deleting the dropout status, by bypassing authorization checks. The vulnerability can be exploited remotely and easily, with public proof-of-concept exploits available. [1, 2]

Impact Analysis

This vulnerability can lead to unauthorized deletion or modification of critical academic records, such as the dropout status of students. This compromises the integrity and reliability of educational data, potentially causing operational disruptions and loss of trust. Since the exploit is remotely executable and easy to perform, attackers can manipulate records without proper permissions, leading to data tampering and possible legal consequences. [1, 2]

Compliance Impact

The vulnerability allows unauthorized modification of sensitive educational data, which can lead to violations of data integrity and protection requirements under regulations like GDPR and HIPAA. Unauthorized data tampering may result in non-compliance with these standards, exposing organizations to legal and regulatory penalties. [2]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP GET requests to the vulnerable endpoint `/module/Api/matricula` with parameters such as `oper=delete`, `resource=abandono`, and varying `id` values. For example, inspecting web server logs or using network monitoring tools to filter requests matching this pattern can help identify exploitation attempts. A sample command using curl to test the vulnerability (as a non-privileged user) is: curl -X GET 'http://localhost/module/Api/matricula?&oper=delete&resource=abandono&id=206' -H 'Cookie: i_educar_session=YOUR_SESSION_COOKIE' Additionally, using tools like tcpdump or Wireshark to capture HTTP traffic and filter for GET requests to `/module/Api/matricula` with suspicious parameters can aid detection. [2]

Mitigation Strategies

Currently, no effective countermeasures or mitigations are known for this vulnerability. The recommended immediate step is to replace or upgrade the affected Portabilis i-Educar product to a version that is not vulnerable. Until a patch or fix is available, restrict access to the vulnerable API endpoint by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to block unauthorized requests. Monitoring and alerting on suspicious API usage is also advised. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9760. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart