CVE-2025-11554
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11554, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-09

Last updated on: 2026-04-29

Assigner: VulDB

Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-09
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2025-10-09
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
portabilis i-educar From 2.1.13 (inc) to 2.9.10 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-277 A product defines a set of insecure permissions that are inherited by objects that are created by the program.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Portabilis i-Educar up to version 2.9.10, specifically in the User Type Handler component within the file app/Http/Controllers/AccessLevelController.php. It allows manipulation that leads to insecure inherited permissions, meaning that access controls may be improperly assigned or escalated. The vulnerability can be exploited remotely and has been publicly disclosed.

Impact Analysis

The vulnerability can lead to unauthorized access or privilege escalation due to insecure inherited permissions. This means attackers could gain access to resources or perform actions they should not be allowed to, potentially compromising the confidentiality, integrity, and availability of the system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11554. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart