CVE-2025-9760

MEDIUM

Portabilis I-educar < 2.10.0 - Improper Authorization

Title source: rule

Description

A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.322061

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.322061

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.640690

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.643575

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.648827

Exploit, Third Party Advisory related

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9760.md

View Exploit ZIP pw:eip

Broken Link broken-link exploit

https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Function%20Level%20Authorization%20on%20%60matricula%60%20API%20allows%20deletion%20of%20%E2%80%9Cabandono%E2%80%9D%20status.md#proof-of-concept-poc

Scores

CVSS v3 6.3

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

portabilis/i-educar < 2.10.0

Published Sep 01, 2025

Tracked Since Feb 18, 2026