CVE-2025-8790

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Aug 10, 2025
Updated: Aug 10, 2025
CVE: CVE-2025-8790
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-266
CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
portabilis / i-educar	-	2.9.0.x

https://github.com/CVE-Hunters/CVE/blob/main/i-educar/CVE-2025-8790.md
https://vuldb.com/?ctiid.319318
https://vuldb.com/?id.319318
https://vuldb.com/?submit.625918

Vulnerability Database

CVE-2025-8790

Deep Security Visibility Without the Complexity