Vulnerability Description
A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portabilis | I-Educar | <= 2.10 |
Related Weaknesses (CWE)
References
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9685.mdExploitThird Party Advisory
- https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(BlindBroken Link
- https://vuldb.com/?ctiid.321897Permissions RequiredVDB Entry
- https://vuldb.com/?id.321897Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.638576Third Party AdvisoryVDB Entry
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9685.mdExploitThird Party Advisory
FAQ
What is CVE-2025-9685?
CVE-2025-9685 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento P...
How severe is CVE-2025-9685?
CVE-2025-9685 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9685?
Check the references section above for vendor advisories and patch information. Affected products include: Portabilis I-Educar.