CVE-2025-11554
BaseFortify
Publication date: 2025-10-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | From 2.1.13 (inc) to 2.9.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-277 | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Portabilis i-Educar up to version 2.9.10, specifically in the User Type Handler component within the file app/Http/Controllers/AccessLevelController.php. It allows manipulation that leads to insecure inherited permissions, meaning that access controls may be improperly assigned or escalated. The vulnerability can be exploited remotely and has been publicly disclosed.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access or privilege escalation due to insecure inherited permissions. This means attackers could gain access to resources or perform actions they should not be allowed to, potentially compromising the confidentiality, integrity, and availability of the system.