{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8789", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-09T05:11:28.794Z", "datePublished": "2025-08-10T02:02:05.666Z", "dateUpdated": "2025-08-10T02:02:05.666Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-10T02:02:05.666Z"}, "title": "Portabilis i-Educar API Endpoint Diario authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-639", "lang": "en", "description": "Authorization Bypass"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}], "affected": [{"vendor": "Portabilis", "product": "i-Educar", "versions": [{"version": "2.0", "status": "affected"}, {"version": "2.1", "status": "affected"}, {"version": "2.2", "status": "affected"}, {"version": "2.3", "status": "affected"}, {"version": "2.4", "status": "affected"}, {"version": "2.5", "status": "affected"}, {"version": "2.6", "status": "affected"}, {"version": "2.7", "status": "affected"}, {"version": "2.8", "status": "affected"}, {"version": "2.9.0", "status": "affected"}], "modules": ["API Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Portabilis i-Educar bis 2.9.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /module/Api/Diario der Komponente API Endpoint. Durch das Beeinflussen mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-09T18:45:38.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Natan Morette (CVE-Hunters)", "type": "finder"}, {"lang": "en", "value": "nmmorette (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "nmmorette (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.319317", "name": "VDB-319317 | Portabilis i-Educar API Endpoint Diario authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.319317", "name": "VDB-319317 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.625917", "name": "Submit #625917 | Portabilis i-Educar 2.10.0 Authorization Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CVE-Hunters/CVE/blob/main/i-educar/CVE-2025-8789.md", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Portabilis i-Educar hasta la versi\u00f3n 2.9.0. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo /module/Api/Diario del componente API Endpoint. La manipulaci\u00f3n permite eludir la autorizaci\u00f3n. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-8789", "lastModified": "2025-08-11T18:32:48.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-10T03:15:32.073", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CVE-Hunters/CVE/blob/main/i-educar/CVE-2025-8789.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.319317"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.319317"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.625917"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-639"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}