CVE-2025-11048

6.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to bypass authorization controls in Portabilis i-Educar's /consulta-dispensas endpoint, potentially accessing unauthorized data or functions. It affects i-Educar versions up to 2.10 and can be exploited remotely by authenticated users with lower privileges.

💻 Affected Systems

Products:
  • Portabilis i-Educar
Versions: Up to and including 2.10
Operating Systems: All platforms running i-Educar
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the /consulta-dispensas endpoint accessible are vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Unauthorized users gain administrative access to sensitive student data, modify academic records, or disrupt educational operations.

🟠 Likely Case: Attackers holding a low-privileged authenticated account access confidential student information or perform actions beyond their assigned role.

🟢 If Mitigated: Limited impact with proper network segmentation, strong authentication, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub. Requires authenticated access but minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.11 or later

Vendor Advisory: https://github.com/portabilis/i-educar

Restart Required: No

Instructions:

1. Backup your i-Educar installation and database.
2. Update to i-Educar version 2.11 or later.
3. Verify the /consulta-dispensas endpoint now properly enforces authorization checks.

🔧 Temporary Workarounds

Block vulnerable endpoint (applies to: all)

Temporarily block access to the /consulta-dispensas endpoint using web server configuration or WAF rules. Note that this denies the endpoint to every role, including legitimate administrators, until the patch is applied.

Apache (mod_rewrite, in the virtual host or server config):
  RewriteEngine On
  RewriteRule ^/consulta-dispensas - [F]

Nginx (inside the server block):
  location /consulta-dispensas { deny all; }

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the i-Educar application.
  • Enhance monitoring and alerting for unauthorized access attempts to the /consulta-dispensas endpoint.

🔍 How to Verify

Check if Vulnerable:

Test if authenticated users with limited privileges can access the /consulta-dispensas endpoint and perform actions beyond their role.

Check Version:

Check i-Educar version in admin panel or configuration files.

Verify Fix Applied:

After patching, verify that authorization checks are properly enforced on the /consulta-dispensas endpoint for all user roles.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts followed by successful access to /consulta-dispensas
  • User accounts accessing /consulta-dispensas endpoint without proper role permissions

Network Indicators:

  • Unusual patterns of requests to /consulta-dispensas endpoint from non-admin users

SIEM Query:

source="web_logs" AND uri="/consulta-dispensas" AND user_role!="admin"
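As an added example (not code from the page or from the i-Educar project), the following Python scanner applies both log indicators above to constructed access-log lines. It assumes each line is in combined-log form with a trailing role=<role> field, as the SIEM query above assumes a user_role field; the endpoint path, the "admin" role name and the sample lines are assumptions.

```python
import re
from collections import defaultdict

ENDPOINT = "/consulta-dispensas"

# Constructed sample log lines (not real traffic): a combined-log style line plus an
# assumed "role=<role>" field that a session-aware log pipeline would append.
SAMPLE_LOGS = """\
10.0.0.5 - maria [10/Oct/2025:10:01:02 +0000] "GET /consulta-dispensas HTTP/1.1" 403 0 role=professor
10.0.0.5 - maria [10/Oct/2025:10:01:09 +0000] "GET /consulta-dispensas?ref=1 HTTP/1.1" 403 0 role=professor
10.0.0.5 - maria [10/Oct/2025:10:01:15 +0000] "GET /consulta-dispensas HTTP/1.1" 200 5120 role=professor
10.0.0.9 - admin1 [10/Oct/2025:10:02:00 +0000] "GET /consulta-dispensas HTTP/1.1" 200 5120 role=admin
10.0.0.7 - joao [10/Oct/2025:10:03:00 +0000] "GET /dashboard HTTP/1.1" 200 800 role=aluno
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ role=(?P<role>\S+)$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    return ev


def find_suspicious(log_text, endpoint=ENDPOINT, privileged_roles=("admin",), min_denials=2):
    """Return (kind, user) alerts for the two indicators: a non-privileged role getting a 2xx
    on the endpoint, and a user who collected several 403s there before a 2xx."""
    alerts = []
    denials = defaultdict(int)  # user -> 403s on the endpoint seen so far
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["uri"].split("?", 1)[0].rstrip("/") != endpoint:
            continue
        if ev["status"] == 403:
            denials[ev["user"]] += 1
        elif 200 <= ev["status"] < 300:
            if ev["role"] not in privileged_roles:
                alerts.append(("non_admin_access", ev["user"]))
            if denials[ev["user"]] >= min_denials:
                alerts.append(("denied_then_success", ev["user"]))
            denials[ev["user"]] = 0
    return alerts


if __name__ == "__main__":
    for kind, user in find_suspicious(SAMPLE_LOGS):
        print(f"ALERT {kind}: user={user}")
```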
