CVE-2025-7110 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Educar version 2.9.0, specifically within the School Module component affecting the file /intranet/educar_escola_lst.php. The vulnerability arises from improper sanitization or validation of the 'Escola' parameter, which can be manipulated by an attacker to inject malicious scripts. This vulnerability is remotely exploitable without requiring authentication, though it does require user interaction (e.g., a victim clicking a crafted link). The CVSS 4.0 base score is 5.1, indicating a medium severity level. The attack vector is network-based with low attack complexity, no privileges required, and no impact on confidentiality or availability, but it does have a limited impact on integrity through potential script injection. The vendor was notified but did not respond, and no patches or mitigations have been officially released. Public exploit details have been disclosed, increasing the risk of exploitation. XSS vulnerabilities like this can be used to steal session cookies, perform actions on behalf of users, or deliver further malware payloads, especially in web applications used in educational environments.

For European organizations using Portabilis i-Educar, particularly educational institutions and school administrations, this vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed under the context of authenticated users. Given that i-Educar is an education management system, exploitation could lead to unauthorized access to sensitive student and staff data, manipulation of records, or disruption of school operations. The impact on confidentiality and integrity is moderate, as attackers can execute arbitrary scripts in users' browsers, potentially leading to data leakage or unauthorized changes. Availability impact is minimal. The lack of vendor response and patches increases the risk exposure. European educational institutions relying on this software without mitigation are vulnerable to targeted phishing or social engineering attacks leveraging this XSS flaw.

Organizations should implement immediate input validation and output encoding on the 'Escola' parameter to prevent script injection. Web application firewalls (WAFs) can be configured to detect and block typical XSS payloads targeting this endpoint. Administrators should monitor logs for suspicious requests to /intranet/educar_escola_lst.php and educate users about the risks of clicking untrusted links. If possible, restrict access to the intranet module to trusted IP ranges or VPN users to reduce exposure. Since no official patch is available, organizations should consider temporary workarounds such as disabling the vulnerable module or parameter if feasible. Regular security assessments and penetration testing should be conducted to verify the effectiveness of mitigations. Additionally, organizations should maintain up-to-date backups of critical data to recover from any potential compromise.