How severe is CVE-2025-11554?

CVE-2025-11554 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2025-11554

Name: i-educar
Author: portabilis

6.3MEDIUM

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the c

Publicado: 10/9/2025Actualizado: 11/21/2025

Descripción

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Análisis IAImpulsado por IA

Productos Afectados

portabilisi-educar

Referencias

https://github.com/m3m0o/portabilis-ieducar-user-type-privilege-escalation
ExploitThird Party Advisory
https://vuldb.com/?ctiid.327714
Permissions RequiredVDB Entry
https://vuldb.com/?id.327714
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.671072
Third Party AdvisoryVDB Entry