CVE-2025-9760: Improper Authorization in Portabilis i-Educar
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
AI Analysis
Technical Summary
CVE-2025-9760 is a medium severity vulnerability affecting Portabilis i-Educar versions up to 2.10, specifically in the Matricula API component located at /module/Api/matricula. The vulnerability stems from improper authorization controls, allowing an attacker to remotely manipulate API requests and perform unauthorized actions. The flaw requires no user interaction and no privileges beyond low-level ones, and can be exploited over the network without authentication. The CVSS 4.0 base score is 5.3, reflecting partial impact on each of confidentiality, integrity, and availability. The vulnerability allows attackers to bypass intended access restrictions, potentially accessing or modifying sensitive student enrollment data or related educational records. Although no exploitation in the wild is currently known, proof-of-concept code has been made publicly available, increasing the risk of exploitation. The vulnerability does not require complex attack vectors or specialized conditions, making it accessible to moderately skilled threat actors. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation measures. Given the nature of the affected component, exploitation could lead to unauthorized data disclosure, data tampering, or disruption of enrollment processes within educational institutions using i-Educar.
Potential Impact
For European organizations, particularly educational institutions using Portabilis i-Educar, this vulnerability poses a significant risk to the confidentiality and integrity of student and administrative data. Unauthorized access to enrollment information could lead to privacy violations under GDPR, reputational damage, and potential regulatory penalties. Manipulation of enrollment data could disrupt academic operations, affecting student registrations, course assignments, and institutional reporting. The remote exploitability without user interaction increases the likelihood of automated attacks or exploitation by external threat actors. Given the public availability of exploit code, European schools and education authorities using this software face an elevated threat level. The impact extends beyond data loss to operational disruption and compliance risks, which are critical in the education sector. Organizations may also face challenges in incident response and forensic investigations due to the subtle nature of authorization bypass attacks.
Mitigation Recommendations
1. Immediate implementation of network-level access controls to restrict access to the i-Educar API endpoints, especially /module/Api/matricula, limiting exposure to trusted IP ranges or VPN-only access.
2. Deploy Web Application Firewalls (WAF) with custom rules to detect and block anomalous API requests indicative of authorization bypass attempts.
3. Conduct thorough access control audits and implement additional application-layer authorization checks where feasible, ensuring that all API calls are properly validated against user roles and permissions.
4. Monitor logs for unusual activity patterns related to the Matricula API, including unexpected data access or modification attempts.
5. Engage with Portabilis for timely patch updates and apply security patches as soon as they become available.
6. Educate IT and security teams within educational institutions about this vulnerability and the importance of rapid response.
7. Consider temporarily disabling or isolating the vulnerable API module if operationally possible until a patch is deployed.
8. Implement multi-factor authentication and strict session management to reduce risk from compromised credentials that could be leveraged in conjunction with this vulnerability.
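Recommendations 3 and 4 above describe an application-layer authorization check for enrollment ("matricula") API calls and log monitoring for denied attempts. The following is an added illustration written for this page; it is not i-Educar's code, and the role names, the operation names, the request shape and the `school_id`/`student_id` ownership fields are assumptions made for the example. It shows the three-layer check a defender wants around such an endpoint: authentication, role permission (deny by default), then object-level scope so that a permitted role is confined to its own institution and a student to their own record. Denied calls are written to an audit list, and a small detector flags source addresses that accumulate repeated denials, which is the "unusual activity pattern" a monitoring rule would look for.

```python
"""Deny-by-default authorization for a hypothetical enrollment API.

Added example, not Portabilis i-Educar code. Roles, operations, the
Principal/Enrollment shapes and the audit-record fields are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Operations the hypothetical enrollment endpoint exposes (assumed names).
READ, CREATE, UPDATE, DELETE = "read", "create", "update", "delete"

# Role -> operations it may perform. Any role or operation not listed is denied.
ROLE_PERMISSIONS: Dict[str, set] = {
    "admin":     {READ, CREATE, UPDATE, DELETE},
    "secretary": {READ, CREATE, UPDATE},
    "teacher":   {READ},
    "student":   {READ},
}


@dataclass(frozen=True)
class Principal:
    user_id: int
    role: str
    school_id: int            # institution the account belongs to (assumed field)
    authenticated: bool = True


@dataclass(frozen=True)
class Enrollment:
    enrollment_id: int
    student_id: int
    school_id: int


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(principal: Optional[Principal], operation: str,
              enrollment: Optional[Enrollment]) -> Decision:
    """Authentication, then role permission, then object-level scope, in that order."""
    if principal is None or not principal.authenticated:
        return Decision(False, "unauthenticated")
    if operation not in ROLE_PERMISSIONS.get(principal.role, set()):
        return Decision(False, f"role '{principal.role}' may not {operation}")
    if operation == CREATE:
        # No existing object to scope against; the handler must create within its own school.
        return Decision(True, "ok")
    if enrollment is None:
        # Same outcome as a denial so callers cannot enumerate which ids exist.
        return Decision(False, "object not found")
    if enrollment.school_id != principal.school_id:
        return Decision(False, "enrollment belongs to another school")
    if principal.role == "student" and enrollment.student_id != principal.user_id:
        return Decision(False, "student may only read own enrollment")
    return Decision(True, "ok")


def enforce(principal: Optional[Principal], operation: str,
            enrollment: Optional[Enrollment], source_ip: str,
            audit_log: List[dict]) -> Decision:
    """Wrap authorize() and record every denial for monitoring (recommendation 4)."""
    decision = authorize(principal, operation, enrollment)
    if not decision.allowed:
        audit_log.append({
            "ip": source_ip,
            "user": principal.user_id if principal else None,
            "op": operation,
            "reason": decision.reason,
        })
    return decision


def suspicious_sources(audit_log: List[dict], threshold: int = 5) -> List[str]:
    """Source addresses with at least `threshold` denied enrollment-API calls."""
    counts: Dict[str, int] = {}
    for record in audit_log:
        counts[record["ip"]] = counts.get(record["ip"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # Constructed sample traffic: a secretary in school 1 and a probing unauthenticated client.
    log: List[dict] = []
    rec = Enrollment(enrollment_id=100, student_id=42, school_id=1)
    print(enforce(Principal(7, "secretary", 1), UPDATE, rec, "198.51.100.10", log))
    for i in range(6):
        enforce(None, READ, Enrollment(100 + i, 42, 1), "203.0.113.5", log)
    print("flagged:", suspicious_sources(log))
```

The ordering matters: checking the role before the object means a caller with no permission learns nothing about whether the enrollment id exists, and returning the same denial for a missing object keeps the endpoint from doubling as an id oracle. The threshold in `suspicious_sources` is a constructed value; in practice it would be tuned per deployment and evaluated over a time window.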
Affected Countries
Portugal, Spain, Italy, France, Germany, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-31T12:48:58.863Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68b51e63ad5a09ad00c8282f
Added to database: 9/1/2025, 4:17:39 AM
Last enriched: 9/18/2025, 12:23:43 AM
Last updated: 10/18/2025, 10:16:18 PM
Views: 56