CVE-2025-10072
📋 TL;DR
This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the student enrollment endpoint, potentially manipulating student class assignments without proper authorization. It affects i-Educar versions up to 2.10 and can be exploited remotely by authenticated users.
💻 Affected Systems
- Portabilis i-Educar
📦 What is this software?
I Educar by Portabilis
⚠️ Risk & Real-World Impact
Worst Case
Attackers could arbitrarily reassign students to different classes, modify academic records, disrupt school operations, or escalate privileges within the system.
Likely Case
Unauthorized modification of student enrollment data, potentially affecting class rosters, academic scheduling, and student records.
If Mitigated
Proper access controls would prevent unauthorized modifications, limiting impact to legitimate administrative functions only.
🎯 Exploit Status
Exploit details are publicly available in GitHub repositories, requiring authenticated access but minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.11 or later
Vendor Advisory: https://github.com/portabilis/i-educar/releases
Restart Required: No
Instructions:
1. Backup your i-Educar installation and database.
2. Download i-Educar version 2.11 or later from the official repository.
3. Follow the upgrade instructions in the release notes.
4. Verify the patch by testing the affected endpoint.
🔧 Temporary Workarounds
Endpoint Restriction
Temporarily block or restrict access to the vulnerable endpoint using web server configuration or WAF rules.
# Apache: RewriteRule ^/matricula/.*/enturmar/.*$ - [F]
# Nginx: location ~ ^/matricula/.*/enturmar/.*$ { return 403; }
🧯 If You Can't Patch
- Implement strict access controls and monitoring on the /matricula/ endpoints
- Deploy a web application firewall (WAF) with rules to detect and block unauthorized access patterns
🔍 How to Verify
Check if Vulnerable:
Test if authenticated users can access /matricula/[any_student_id]/enturmar/ endpoint without proper authorization checks.
Check Version:
Check i-Educar version in admin panel or configuration files
Verify Fix Applied:
After patching, verify that proper authorization checks are enforced on the /matricula/[ID_STUDENT]/enturmar/ endpoint.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to /matricula/*/enturmar/ endpoints
- Multiple failed authorization attempts followed by successful access
Network Indicators:
- HTTP requests to /matricula/[ID_STUDENT]/enturmar/ from unauthorized IPs or users
SIEM Query:
source="web_logs" AND uri="/matricula/*/enturmar/*" AND (user NOT IN authorized_users OR status=200)
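The log indicators above can be checked offline against ordinary access logs. The script below is an added example written for this page, not code from the advisory, from Portabilis or from i-Educar: it parses combined-format (Apache/Nginx) log lines, keeps only requests to the /matricula/<student>/enturmar/<class> endpoint, and flags (a) requests from accounts outside a constructed allow-list of enrollment staff, (b) a run of 401/403 denials from one IP and user followed by a 200 on the same endpoint, and, going slightly beyond the page's list, (c) a single account touching many distinct student IDs. The user names, IPs, student and class IDs in the sample log, the allow-list and the thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Combined log format as written by Apache and Nginx defaults:
# ip ident user [timestamp] "METHOD uri PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# The endpoint named in the advisory; the class id segment is optional so that
# the bare /matricula/<id>/enturmar/ form is matched too.
ENDPOINT_RE = re.compile(
    r'^/matricula/(?P<student>[^/?]+)/enturmar(?:/(?P<class>[^/?]*))?'
)

# Constructed allow-list: accounts expected to manage enrollments.
AUTHORIZED_USERS = frozenset({"secretaria", "coordenador"})

# Constructed sample log (invented users, IPs and IDs) for the example run.
SAMPLE_LOG = """\
10.0.0.5 - secretaria [20/Sep/2025:08:01:10 -0300] "POST /matricula/1001/enturmar/55 HTTP/1.1" 200 512
10.0.0.9 - aluno_joao [20/Sep/2025:08:02:01 -0300] "POST /matricula/1002/enturmar/55 HTTP/1.1" 403 128
10.0.0.9 - aluno_joao [20/Sep/2025:08:02:03 -0300] "POST /matricula/1003/enturmar/55 HTTP/1.1" 403 128
10.0.0.9 - aluno_joao [20/Sep/2025:08:02:05 -0300] "POST /matricula/1004/enturmar/55 HTTP/1.1" 403 128
10.0.0.9 - aluno_joao [20/Sep/2025:08:02:09 -0300] "POST /matricula/1005/enturmar/56 HTTP/1.1" 200 512
10.0.0.7 - coordenador [20/Sep/2025:08:03:00 -0300] "GET /dashboard HTTP/1.1" 200 2048
10.0.0.7 - coordenador [20/Sep/2025:08:03:30 -0300] "GET /matricula/1001/enturmar/55 HTTP/1.1" 200 512
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(lines, authorized_users=AUTHORIZED_USERS,
            denial_threshold=3, student_threshold=3):
    """Return a list of findings for requests to the enturmar endpoint."""
    findings = []
    streak = defaultdict(int)      # (ip, user) -> consecutive 401/403 on the endpoint
    students = defaultdict(set)    # user -> distinct student ids touched

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ep = ENDPOINT_RE.match(rec["uri"])
        if ep is None:
            continue                # not the enrollment endpoint, ignore

        key = (rec["ip"], rec["user"])
        students[rec["user"]].add(ep.group("student"))

        # Indicator (a): any request from an account outside the allow-list.
        if rec["user"] not in authorized_users:
            findings.append({"kind": "unauthorized_user", "user": rec["user"],
                             "ip": rec["ip"], "uri": rec["uri"],
                             "status": rec["status"]})

        # Indicator (b): repeated denials and then a success from the same source.
        if rec["status"] in (401, 403):
            streak[key] += 1
            continue
        if rec["status"] == 200 and streak[key] >= denial_threshold:
            findings.append({"kind": "denials_then_success", "user": rec["user"],
                             "ip": rec["ip"], "denials": streak[key],
                             "uri": rec["uri"]})
        streak[key] = 0             # any non-denial response ends the run

    # Indicator (c): one account touching many different students' enrollments.
    for user, ids in students.items():
        if len(ids) >= student_threshold:
            findings.append({"kind": "many_students", "user": user,
                             "students": sorted(ids)})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'unauthorized_user': 4, ...}."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["kind"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run it against real logs with `analyze(open("access.log"))` and your own allow-list. Applications that answer a denied request with a redirect to the login page rather than 401/403 will not build a denial run here; add 302 to the denial tuple in that case. Indicator (a) on its own is the cheapest and most reliable signal: on a patched instance, every request to this endpoint from a non-staff account should already be a denial.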
🔗 References
- https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%20in%20.matricula.(ID_STUDENT).enturmar.(ID_CLASS)%60%20Endpoint.md
- https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10072.md
- https://vuldb.com/?ctiid.323020
- https://vuldb.com/?id.323020
- https://vuldb.com/?submit.644135