CVE-2025-10073

Опубликовано: 08 сент. 2025

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Object%20Level%20Authorization%20(BOLA)%20allows%20enumeration%20of%20classes%20informations%20via%20.module.Api.turma.md
Broken Link
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10073.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.323021
Permissions Required
VDB Entry
https://vuldb.com/?id.323021
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.644136
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

EPSS

Процентиль: 5%

0.00021

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-266

Связанные уязвимости

GHSA-7gpq-5jcr-fh27