CVE-2025-11554

MEDIUM

Portabilis i-Educar <2.9.10 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-11554. PoCs published by m3m0o.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-11554, demonstrating privilege escalation in Portabilis i-Educar by manipulating user type permissions via arbitrary requests to vulnerable endpoints.

Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Exploits (1)

github WORKING POC 1 stars
by m3m0o · pythonpoc
https://github.com/m3m0o/portabilis-ieducar-user-type-privilege-escalation

This repository contains a functional exploit for CVE-2025-11554, demonstrating privilege escalation in Portabilis i-Educar by manipulating user type permissions via arbitrary requests to vulnerable endpoints.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Portabilis i-Educar >= 2.1.13
Auth required
Prerequisites: valid user credentials or session cookie · access to the target i-Educar instance
devstral-2 · analyzed May 17, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.327714
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.327714
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.671072

Scores

CVSS v3 6.3
EPSS 0.0034
EPSS Percentile 25.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-266 CWE-277
Status published
Products (1)
portabilis/i-educar 2.1.13 - 2.9.10
Published Oct 09, 2025
Tracked Since Feb 18, 2026