CVE-2025-65023 is an authenticated time-based SQL injection vulnerability identified in the portabilis i-educar school management software, specifically in versions 2.10.0 and prior. The vulnerability resides in the intranet PHP script funcionario_vinculo_cad.php, where the GET parameter cod_funcionario_vinculo is concatenated directly into an SQL query without proper sanitization or parameterization. This improper neutralization of special elements (CWE-89) allows an attacker with an authenticated session to inject arbitrary SQL commands. The vulnerability is time-based, meaning the attacker can infer database responses by measuring response times, enabling data extraction even without direct error messages. The CVSS v3.1 score is 7.2 (high), reflecting network attack vector, low attack complexity, high privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. Although no known exploits are currently in the wild, the vulnerability poses a significant risk due to the sensitive nature of educational data managed by i-educar. The issue has been addressed in a patch (commit a00dfa3), which properly sanitizes the input to prevent injection. Organizations running affected versions should apply this patch promptly to mitigate risk.

For European organizations using i-educar, this vulnerability could lead to unauthorized disclosure of sensitive student and staff data, manipulation or deletion of records, and potential disruption of school management operations. The breach of confidentiality could violate GDPR regulations, leading to legal and financial repercussions. Integrity compromise could result in falsified academic records or administrative data, undermining trust and operational reliability. Availability impact could disrupt access to critical school management functions, affecting educational continuity. Since exploitation requires authenticated access, insider threats or compromised credentials increase risk. The educational sector's reliance on accurate and secure data makes this vulnerability particularly impactful. Additionally, the centralized nature of school management software means a successful attack could affect multiple institutions simultaneously, amplifying the damage.

1. Immediately update i-educar installations to the patched version that includes commit a00dfa3 or later. 2. Restrict access to the intranet and administrative interfaces to trusted networks and users using network segmentation and VPNs. 3. Implement strong authentication mechanisms, including multi-factor authentication, to reduce risk of credential compromise. 4. Conduct regular audits of user accounts and permissions to ensure only authorized personnel have access. 5. Monitor database query logs and application logs for unusual or time-based query patterns indicative of SQL injection attempts. 6. Employ Web Application Firewalls (WAFs) with rules tailored to detect and block SQL injection payloads targeting the cod_funcionario_vinculo parameter. 7. Educate administrators and users about phishing and credential security to prevent session hijacking. 8. Consider implementing parameterized queries and input validation as additional development best practices beyond the patch. 9. Prepare incident response plans specific to data breaches involving educational data to minimize impact if exploitation occurs.