CVE-2025-8544 is a cross-site scripting (XSS) vulnerability identified in version 2.10 of Portabilis i-Educar, an educational management system. The vulnerability arises from improper sanitization of the 'nome' parameter in the /module/RegraAvaliacao/edit endpoint. An attacker can remotely manipulate this parameter to inject malicious scripts, which are then executed in the context of the victim's browser. This type of vulnerability can be exploited to steal session cookies, perform actions on behalf of the user, or deliver malicious payloads. The vulnerability has been publicly disclosed, and while no known exploits are currently observed in the wild, the availability of the exploit code increases the risk of exploitation. The vendor was notified but has not responded, and no patches are currently available. The CVSS 4.0 base score is 4.8 (medium severity), reflecting that the attack vector is network-based with low attack complexity, no privileges required, but user interaction is necessary. The impact on confidentiality is none, with low impact on integrity due to limited scope, and no impact on availability. The vulnerability affects a specific module related to evaluation rules, which is likely used by educational institutions to manage grading criteria.

For European organizations, particularly educational institutions using Portabilis i-Educar 2.10, this vulnerability poses a risk of session hijacking, unauthorized actions, and potential data exposure through client-side script execution. While the direct impact on system integrity and availability is limited, the exploitation of XSS can lead to broader attacks such as phishing or credential theft, undermining trust in the educational platform. Given the sensitive nature of educational data and the importance of maintaining secure access for students and staff, exploitation could disrupt educational processes and compromise personal information. The lack of vendor response and absence of patches increases the risk exposure. Additionally, the public disclosure of the exploit code may encourage opportunistic attackers targeting European educational entities, especially those with limited cybersecurity resources.

Organizations should implement immediate mitigations including input validation and output encoding on the 'nome' parameter within the /module/RegraAvaliacao/edit functionality. Web Application Firewalls (WAFs) can be configured to detect and block typical XSS payloads targeting this endpoint. Administrators should restrict user privileges to minimize the impact of potential exploitation, ensuring that only trusted users can access the vulnerable module. Monitoring and logging of unusual activities related to this endpoint should be enhanced to detect exploitation attempts early. Since no official patch is available, organizations should consider isolating or limiting access to the affected module until a vendor fix is released. User education on phishing and suspicious links can reduce the risk of successful exploitation. Finally, organizations should maintain regular backups and incident response plans tailored to web application attacks.