CVE-2025-7870 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Diario version 1.5.0, specifically within the justificativas-de-falta endpoint. The vulnerability arises from improper sanitization or validation of the 'Anexo' parameter, which an attacker can manipulate to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript in the context of the affected web application without requiring authentication, although user interaction is necessary to trigger the payload. The vulnerability is classified as problematic with a CVSS 4.0 base score of 5.1, indicating a medium severity level. The attack vector is network-based with low attack complexity, no privileges required, but user interaction is needed. The vulnerability impacts the confidentiality and integrity of user sessions by potentially enabling session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vendor has been contacted but has not responded or issued a patch, and no known exploits are currently observed in the wild, though the exploit details have been publicly disclosed. Given the nature of XSS, the risk primarily targets end-users of the i-Diario platform, which is an educational management system used to handle school attendance and related administrative tasks.

For European organizations, particularly educational institutions using Portabilis i-Diario 1.5.0, this vulnerability poses a risk to user data confidentiality and integrity. Successful exploitation could lead to session hijacking, unauthorized access to sensitive student or staff information, and manipulation of attendance records or justifications. This could undermine trust in the educational system's data integrity and potentially violate data protection regulations such as GDPR due to unauthorized data exposure. Additionally, attackers could use the XSS vulnerability as a pivot point for further attacks, including phishing or malware distribution targeting school staff or students. The medium severity suggests that while the vulnerability is not critical, it still represents a significant risk, especially in environments where the platform is widely used and integrated with other systems.

Given the absence of an official patch, European organizations should implement immediate compensating controls. These include input validation and output encoding on the 'Anexo' parameter at the application or web server level to neutralize malicious scripts. Deploying a Web Application Firewall (WAF) with custom rules to detect and block XSS payloads targeting the justificativas-de-falta endpoint can reduce exposure. Organizations should also conduct user awareness training to recognize suspicious links or unexpected prompts within the i-Diario platform. Monitoring web logs for unusual requests to the vulnerable endpoint can help identify attempted exploitation. Where feasible, restricting access to the i-Diario application to trusted networks or VPNs can limit remote attack vectors. Finally, organizations should engage with Portabilis for updates and consider upgrading to newer versions once patches are released.