CVE-2025-9723
Published 2025-08-31
Priority P4 · 31 · medium · 5.4 CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.22% (12.1th percentile)
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| portabilis | i-educar | <= 2.10 | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_apache | — | 6.9 | — | — |
GHSA
GHSA-45cw-92h9-h4hh: A vulnerability was found in Portabilis i-Educar up to 2
ghsa_unreviewed·2025-10-13
CVE-2025-9723 [MEDIUM] CWE-79 GHSA-45cw-92h9-h4hh: A vulnerability was found in Portabilis i-Educar up to 2
Apache
Apache nifi: CVE-2025-27017
vendor_apache·CVSS 6.9
CVE-2025-27017 Apache nifi: CVE-2025-27017
Title: Potential Insertion of MongoDB Password in Provenance Record
Published: 2025-03-11
Severity: Medium
Products: Apache NiFi
Affected Versions: 1.13.0 to 2.2.0
Fixed Versions: 2.3.0
Reporter: Robert Creese
References
CVE Record: CVE-2025-27017
NVD Record: CVE-2025-27017
Apache Jira Issue: NIFI-14272
GitHub Pull Request: 9723
Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.
Severity: modera
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-08-31
Published