CVE-2025-7109: Cross Site Scripting in Portabilis i-Educar
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-7109 is a cross-site scripting (XSS) vulnerability identified in version 2.9.0 of Portabilis i-Educar, an educational management system. The vulnerability exists in the Student Benefits Registration component, specifically in the /intranet/educar_aluno_beneficio_lst.php file. The issue arises from improper sanitization or validation of the 'Benefício' parameter, which an attacker can manipulate to inject malicious scripts. This flaw allows an attacker to execute arbitrary JavaScript in the context of the victim's browser when the victim opens a crafted URL or page containing the malicious payload. The CVSS 4.0 base score is 5.1 (medium severity): the attack vector is network-based with low attack complexity and no privileges required, so the vulnerability is remotely exploitable without authentication, but user interaction is needed (e.g., clicking a malicious link). The vulnerability impacts confidentiality and integrity to a limited extent by potentially stealing session tokens, performing actions on behalf of the user, or defacing content. The vendor was notified but did not respond, and no patches or mitigations have been publicly released. Although no known exploits are currently in the wild, the public disclosure of the exploit code increases the risk of exploitation.
Potential Impact
For European organizations using Portabilis i-Educar 2.9.0, especially educational institutions managing student benefits, this vulnerability poses a risk of session hijacking, unauthorized actions, and data manipulation through XSS attacks. The exploitation could lead to unauthorized access to sensitive student data, manipulation of benefit records, or phishing attacks targeting staff and students. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data exposure), and operational disruption. Since the vulnerability requires user interaction, social engineering could be leveraged to increase attack success. The lack of vendor response and patches increases the window of exposure. Organizations relying on this software should be aware that attackers might exploit this vulnerability to compromise user accounts or inject malicious content into the intranet portal, potentially spreading malware or stealing credentials.
Mitigation Recommendations
1. Implement immediate input validation and output encoding on the 'Benefício' parameter to neutralize malicious scripts, ideally by applying context-aware encoding (e.g., HTML entity encoding).
2. Deploy web application firewalls (WAFs) with rules to detect and block typical XSS payloads targeting the vulnerable endpoint.
3. Educate users to be cautious of unsolicited links or messages related to the intranet portal.
4. Restrict access to the intranet portal to trusted networks or VPNs to reduce exposure.
5. Monitor web server logs for suspicious requests targeting /intranet/educar_aluno_beneficio_lst.php with unusual parameter values.
6. If possible, upgrade to a newer version of i-Educar once the vendor releases a patch, or consider applying custom patches or workarounds to sanitize inputs.
7. Conduct regular security assessments and penetration testing focused on web application vulnerabilities.
8. Implement Content Security Policy (CSP) headers to mitigate the impact of XSS by restricting script execution sources.
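The log-monitoring recommendation (item 5) as an added example, not part of the advisory or of the i-Educar code base: a small Python scanner over constructed Apache-style access log lines that flags requests to the affected endpoint whose query parameters still contain HTML-significant characters after URL decoding (including double-encoded values). The parameter name `beneficio`, the client addresses and the log lines are constructed; the page does not give the real parameter name, so the scanner inspects every parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the advisory; the parameter name used below is assumed.
TARGET_PATH = "/intranet/educar_aluno_beneficio_lst.php"

# Apache common/combined log prefix: client, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Characters needed to break out of an HTML context, plus script-ish tokens.
# Matched after URL decoding so %3C / %22 style encodings are caught.
SUSPICIOUS_RE = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs decodes once; unquote again so double-encoded values are also inspected.
    rec["params"] = {k: [unquote(v) for v in vals]
                     for k, vals in parse_qs(parts.query, keep_blank_values=True).items()}
    return rec


def suspicious_params(rec):
    """Return (name, value) pairs on the target endpoint that contain markup characters."""
    if rec is None or rec["path"] != TARGET_PATH:
        return []
    return [(k, v) for k, vals in rec["params"].items() for v in vals if SUSPICIOUS_RE.search(v)]


def scan(lines):
    """Run the check over many log lines and return one hit per suspicious parameter."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        for name, value in suspicious_params(rec):
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "param": name, "value": value})
    return hits


# Constructed sample log: one benign request, one with encoded markup, one double-encoded,
# and one with markup aimed at a different page (should not be reported).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jul/2025:20:57:15 +0000] "GET /intranet/educar_aluno_beneficio_lst.php?beneficio=Bolsa+Escola HTTP/1.1" 200 5120',
    '203.0.113.9 - - [08/Jul/2025:20:58:02 +0000] "GET /intranet/educar_aluno_beneficio_lst.php?beneficio=%3Cb%3Eteste%3C%2Fb%3E HTTP/1.1" 200 5123',
    '203.0.113.9 - - [08/Jul/2025:20:58:40 +0000] "GET /intranet/educar_aluno_beneficio_lst.php?beneficio=%253Cb%253Eteste%253C%252Fb%253E HTTP/1.1" 200 5123',
    '203.0.113.4 - - [08/Jul/2025:20:59:10 +0000] "GET /intranet/index.php?q=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```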
Affected Countries
Portugal, Spain, Italy, France, Germany, Poland, Netherlands, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-06T05:41:15.370Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 686d862b6f40f0eb72fb6820
Added to database: 7/8/2025, 8:57:15 PM
Last enriched: 7/15/2025, 10:00:01 PM
Last updated: 8/28/2025, 5:50:35 AM