CVE-2025-9109— Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-9109
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
响应差异性信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Portabilis i‑Diário 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.5.0及之前版本存在安全漏洞,该漏洞源于组件Password Recovery Endpoint在响应时存在差异,可被远程攻击者利用进行用户枚举攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Portabilis | i-Diario | 1.0 | - |
II. Public POCs for CVE-2025-9109
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-9109
请登录查看更多情报信息。
Same Patch Batch · Portabilis · 2025-08-18 · 6 CVEs total
| CVE-2025-9108 | 4.3 MEDIUM | Portabilis i-Diario Login Page ui layer |
| CVE-2025-9107 | 4.3 MEDIUM | Portabilis i-Diario search_autocomplete cross site scripting |
| CVE-2025-9106 | 3.5 LOW | Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-disciplina cross site scr |
| CVE-2025-9105 | 3.5 LOW | Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cro |
| CVE-2025-9104 | 3.5 LOW | Portabilis i-Diario Informações Adicionais /planos-de-aulas-por-disciplina cross site scri |
IV. Related Vulnerabilities
Same product: i-Diario
- CVE-2025-9108
Portabilis i-Diario Login Page ui layer - CVE-2025-9107
Portabilis i-Diario search_autocomplete cross site scripting - CVE-2025-9106
Portabilis i-Diario Informações Adicionais /planos-de-ensino - CVE-2025-9105
Portabilis i-Diario Informações Adicionais /planos-de-ensino - CVE-2025-9104
Portabilis i-Diario Informações Adicionais /planos-de-aulas-
Same vendor: Portabilis
- CVE-2026-4355
Portabilis i-Educar Endpoint educar_servidor_curso_lst.php c - CVE-2026-2064
Portabilis i-Educar User Data meusdadod.php cross site scrip - CVE-2026-2015
Portabilis i-Educar Final Status Import FinalStatusImportSer - CVE-2025-9638
i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin - CVE-2025-65022
i-Educar Authenticated Time-based SQL Injection in `agenda.p
Same weakness: CWE-204
- CVE-2026-8242
Industrial Application Software IAS Canias ERP Login RMI doA - CVE-2026-20195
Cisco Identity Services Engine Observable Response Discrepan - CVE-2026-24468
OpenAEV Vulnerable to Username/Email Enumeration Through Dif - CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-4113
SonicWALL SMA1000 安全漏洞
V. Comments for CVE-2025-9109
No comments yet