CVE-2025-10608

6.3 MEDIUM

📋 TL;DR

This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the /enrollment-history/ endpoint, potentially accessing unauthorized student enrollment data. The vulnerability affects i-Educar versions up to 2.10 and can be exploited remotely without authentication. Educational institutions using this student management system are at risk of data exposure.

💻 Affected Systems

Products:
  • Portabilis i-Educar
Versions: Up to and including version 2.10
Operating Systems: Any OS running i-Educar
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of i-Educar up to version 2.10 are vulnerable by default. The vulnerability is in the application code, not dependent on specific OS or configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access, modify, or delete sensitive student enrollment records, potentially leading to data breaches, privacy violations, and manipulation of academic records.

🟠 Likely Case

Unauthorized access to student enrollment data, potentially exposing personally identifiable information (PII) and academic records.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, though the vulnerability still exists in the application.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and the exploit is publicly available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to access unauthorized data, but external exposure increases risk significantly.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly documented and appears to be relatively simple to execute. Attackers can exploit this remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.11 or later

Vendor Advisory: https://github.com/portabilis/i-educar/releases

Restart Required: No

Instructions:

1. Backup your current i-Educar installation and database.
2. Download the latest version (2.11+) from the official GitHub repository.
3. Follow the upgrade instructions in the release notes.
4. Test the upgrade in a staging environment first.

🔧 Temporary Workarounds

Restrict access to /enrollment-history/ endpoint (platform: all)

Use web application firewall (WAF) rules or reverse proxy configuration to block or restrict access to the vulnerable endpoint. Note that a blanket block also cuts off legitimate users of the endpoint; if authorized staff still need it, restrict by source address instead of denying everything.

# Example nginx location block: every request under /enrollment-history/ gets a 403
location /enrollment-history/ {
    deny all;    # access-phase rule; nginx answers 403 on its own
    return 403;  # redundant alongside deny all, but harmless
}

Implement network segmentation (platform: linux)

Restrict network access to the i-Educar application to authorized users only using firewall rules.

# Example iptables rules. TRUSTED_NET is a placeholder for your own CIDR (e.g. 10.0.0.0/8).
# Insert them ahead of any broader ACCEPT rule, and repeat for port 443 if TLS terminates on this host.
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_NET -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the i-Educar application
  • Deploy a web application firewall (WAF) with rules to detect and block exploitation attempts
  • Enable detailed logging and monitoring for access to the /enrollment-history/ endpoint
  • Consider placing the application behind authentication proxy if not already protected

🔍 How to Verify

Check if Vulnerable:

Check if your i-Educar version is 2.10 or earlier. Then request the /enrollment-history/ endpoint with an account that should not have access to it, or with no authentication at all, and confirm whether the application rejects the request or returns enrollment data.

Check Version:

Check the version in the application interface or review the application's version file if available.

Verify Fix Applied:

After upgrading to version 2.11+, verify that unauthorized access attempts to /enrollment-history/ endpoint are properly rejected with appropriate error messages.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed access attempts to /enrollment-history/
  • Unauthorized successful access to /enrollment-history/ endpoint
  • Unusual patterns of enrollment data access

Network Indicators:

  • HTTP requests to /enrollment-history/ from unexpected IP addresses
  • Unusual volume of requests to enrollment-related endpoints

SIEM Query:

source="web_server_logs" AND (uri="/enrollment-history/" OR uri CONTAINS "/enrollment-history/") AND (response_code=200 OR response_code=403) | stats count by src_ip, user_agent
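The SIEM query above can be reproduced offline against raw web server access logs. This is an added example (not part of the original advisory or of i-Educar itself) that parses combined-format access log lines, counts hits on /enrollment-history/ by source IP, user agent and status code, and flags successful (200) responses from outside an assumed trusted range. The TRUSTED ranges and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Combined log format as written by nginx/Apache by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TARGET = "/enrollment-history/"

# Assumed trusted networks (placeholder: replace with the institution's own ranges).
TRUSTED = [ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")]

def parse(line):
    """Return the fields of one access log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_trusted(ip):
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED)

def analyze(lines):
    """Count hits on the endpoint by (src_ip, user_agent, status) for 200/403 responses,
    and list every 200 that came from outside the trusted ranges."""
    counts = Counter()
    external_hits = []
    for line in lines:
        rec = parse(line)
        if rec is None or TARGET not in rec["uri"] or rec["status"] not in ("200", "403"):
            continue
        counts[(rec["ip"], rec["ua"], rec["status"])] += 1
        if rec["status"] == "200" and not is_trusted(rec["ip"]):
            external_hits.append((rec["ip"], rec["uri"], rec["ts"]))
    return counts, external_hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /enrollment-history/ HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /enrollment-history/?id=42 HTTP/1.1" 200 4980 "-" "curl/8.0"',
    '10.0.0.5 - - [10/Oct/2025:12:00:03 +0000] "GET /enrollment-history/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:12:00:04 +0000] "GET /enrollment-history/ HTTP/1.1" 403 162 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Oct/2025:12:00:05 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/8.0"',
    'not an access log line',
]

if __name__ == "__main__":
    counts, hits = analyze(SAMPLE_LOG)
    for key, n in counts.items():
        print(n, key)
    print("successful external hits:", hits)
```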

🔗 References