CVE-2025-9685

Опубликовано: 30 авг. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9685.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.AreaConhecimento.view%60%20Endpoint.md
Broken Link
https://vuldb.com/?ctiid.321897
Permissions Required
VDB Entry
https://vuldb.com/?id.321897
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.638576
Third Party Advisory
VDB Entry
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9685.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10 (включая)

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-7xqv-2x45-4r98

CVSS3: 6.3

github

5 месяцев назад

EPSS

Процентиль: 5%

0.00023

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74