
CVE-2025-10373: Cross Site Scripting in Portabilis i-Educar

Severity: Medium
Published: Sat Sep 13 2025 (09/13/2025, 18:32:07 UTC)
Source: CVE Database V5
Vendor/Project: Portabilis
Product: i-Educar

Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /intranet/educar_turma_tipo_cad.php. Such manipulation of the argument nm_tipo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

AI-Powered Analysis

Last updated: 10/20/2025, 05:09:54 UTC

Technical Analysis

CVE-2025-10373 is a cross-site scripting (XSS) vulnerability in Portabilis i-Educar, an open-source educational management system used by educational institutions in some regions. The flaw lies in the /intranet/educar_turma_tipo_cad.php script, specifically in its handling of the nm_tipo parameter. That parameter is neither properly sanitized nor output-encoded, so an attacker can inject arbitrary JavaScript that executes in the context of the victim's browser. The attack vector is remote and does not require authentication, but it does require user interaction, typically persuading a user to open a crafted URL or visit a page that triggers the request. The CVSS 4.0 score of 5.1 (medium) reflects low attack complexity and no required privileges, set against limited impact on confidentiality and integrity and none on availability. Successful exploitation could be used to steal session cookies, perform actions on behalf of authenticated users, or deliver further malicious payloads. No official patch had been linked at the time of writing, but public exploit code is available, which raises the urgency of mitigation. All versions of i-Educar up to 2.10 are affected, which indicates a broad scope. Because i-Educar is used by educational institutions, the main exposure is to the confidentiality and integrity of user sessions and records within those environments.

Potential Impact

For European organizations, especially educational institutions using Portabilis i-Educar, this vulnerability poses a risk of unauthorized access to user sessions and potential data theft. Exploitation could lead to compromised student and staff personal information, unauthorized changes to educational records, and disruption of normal administrative operations. The impact on confidentiality is moderate due to possible session hijacking and data exposure. Integrity could be affected if attackers perform unauthorized actions within the application. Availability is not directly impacted. The vulnerability could also be leveraged as a foothold for further attacks, including phishing campaigns or malware distribution. European organizations with limited cybersecurity awareness or lacking robust input validation controls are particularly vulnerable. The public disclosure and availability of exploit code increase the likelihood of opportunistic attacks, especially targeting less protected institutions.

Mitigation Recommendations

1. Implement strict input validation and output encoding on the nm_tipo parameter to neutralize malicious scripts.
2. Apply Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers.
3. Educate users about the risks of clicking unknown or suspicious links, especially within the educational environment.
4. Monitor web server logs for unusual requests targeting /intranet/educar_turma_tipo_cad.php or containing suspicious payloads.
5. Segregate the intranet environment to limit exposure to external networks.
6. Once available, promptly apply official patches or updates from Portabilis addressing this vulnerability.
7. Employ web application firewalls (WAF) with rules to detect and block XSS attack patterns targeting the affected parameter.
8. Conduct regular security assessments and code reviews focusing on input handling in web applications.
9. Ensure session management uses secure cookies with HttpOnly and Secure flags to reduce session hijacking risks.
10. Maintain up-to-date backups to recover quickly in case of compromise.
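As an added illustration (hypothetical code, not i-Educar's or Portabilis's own), the following PHP handler shows how recommendations 1, 2 and 9 fit together around a form field named nm_tipo: the value is validated on input, HTML-encoded at every point of output, a CSP is sent, and the session cookie carries the HttpOnly and Secure flags. The function names and the page layout are assumptions; the vulnerable pattern it replaces is shown in a comment for contrast.

```php
<?php
// Illustrative hardened handler for the nm_tipo form field (hypothetical code,
// not taken from i-Educar). The original defect is unencoded reflection of
// nm_tipo into HTML; the dangerous pattern looks like:
//     echo '<input name="nm_tipo" value="' . $_GET['nm_tipo'] . '">';
declare(strict_types=1);

// Recommendation 9: session cookie flags, set before the session starts.
session_set_cookie_params([
    'httponly' => true,  // not readable from JavaScript
    'secure'   => true,  // sent over HTTPS only
    'samesite' => 'Lax',
]);
session_start();

// Recommendation 2: CSP allowing only same-origin, non-inline scripts, so an
// injected <script> or event handler is blocked even if encoding ever slips.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");

// Recommendation 1a: validate the input. A class type name is short,
// printable text; anything else is rejected rather than "cleaned".
function validateNmTipo(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = trim($raw);
    if ($value === '' || strlen($value) > 100
        || !preg_match('/^[^\x00-\x1F\x7F]+\z/u', $value)) {
        return null;
    }
    return $value;
}

// Recommendation 1b: encode at the point of insertion into HTML, every time,
// so safety does not depend on validation having run upstream.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$nmTipo = validateNmTipo($_POST['nm_tipo'] ?? $_GET['nm_tipo'] ?? null);
if ($nmTipo === null) {
    http_response_code(400);
    exit('<p>Invalid or missing nm_tipo.</p>');
}
?>
<label for="nm_tipo">Class type</label>
<input id="nm_tipo" name="nm_tipo" value="<?= e($nmTipo) ?>">
<p>Saved class type: <?= e($nmTipo) ?></p>
```

With ENT_QUOTES, a value containing quotes, angle brackets or ampersands is rendered as text inside both the attribute and the paragraph, which is the property the unencoded echo lacked.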


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-12T14:26:55.893Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c5bbbae14ebf9f5cc83e7b

Added to database: 9/13/2025, 6:45:14 PM

Last enriched: 10/20/2025, 5:09:54 AM

Last updated: 10/30/2025, 2:10:14 PM

