How severe is CVE-2025-11554?

CVE-2025-11554 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2025-11554

Name: i-educar
Author: portabilis

6.3MEDIUM

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the c

게시됨: 10/9/2025업데이트됨: 11/21/2025

설명

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

AI 분석AI 기반

영향받는 제품

portabilisi-educar

참조

https://github.com/m3m0o/portabilis-ieducar-user-type-privilege-escalation
ExploitThird Party Advisory
https://vuldb.com/?ctiid.327714
Permissions RequiredVDB Entry
https://vuldb.com/?id.327714
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.671072
Third Party AdvisoryVDB Entry