Vulnerability Description
A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portabilis | I-Educar | <= 2.10 |
Related Weaknesses (CWE)
References
- https://karinagante.github.io/cve-2025-9532/ExploitThird Party Advisory
- https://karinagante.github.io/cve-2025-9532/#proof-of-concept-pocExploitThird Party Advisory
- https://vuldb.com/?ctiid.321551Permissions RequiredVDB Entry
- https://vuldb.com/?id.321551Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.635801Third Party AdvisoryVDB Entry
- https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/12.mdBroken Link
- https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/12.md#pocBroken Link
- https://vuldb.com/?submit.635801Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-9532?
CVE-2025-9532 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is p...
How severe is CVE-2025-9532?
CVE-2025-9532 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9532?
Check the references section above for vendor advisories and patch information. Affected products include: Portabilis I-Educar.