How severe is CVE-2025-11554?

CVE-2025-11554 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2025-11554

Name: i-educar
Author: portabilis

6.3MEDIUM

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the c

发布于: 10/9/2025更新于: 11/21/2025

描述

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

AI分析AI驱动

受影响产品

portabilisi-educar

参考资料

https://github.com/m3m0o/portabilis-ieducar-user-type-privilege-escalation
ExploitThird Party Advisory
https://vuldb.com/?ctiid.327714
Permissions RequiredVDB Entry
https://vuldb.com/?id.327714
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.671072
Third Party AdvisoryVDB Entry