CVE-2025-8784 is a cross-site scripting (XSS) vulnerability identified in the Portabilis i-Educar software, versions up to 2.9. The vulnerability exists in the /intranet/funcionario_vinculo_cad.php file, specifically within the component responsible for the 'Cadastrar Vínculo' page. The issue arises from improper sanitization or validation of the 'nome' parameter, which can be manipulated remotely by an attacker to inject malicious scripts. This vulnerability is classified as problematic and has a CVSS 4.0 base score of 5.1, indicating a medium severity level. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but does require some user interaction (UI:P). The vulnerability does not impact confidentiality, integrity, or availability directly but can lead to limited integrity impact (VI:L) through script injection. The vendor was notified but has not responded or provided a patch, and while no known exploits are currently active in the wild, the exploit details have been publicly disclosed, increasing the risk of exploitation. The vulnerability allows an attacker to execute arbitrary JavaScript in the context of the affected web application, potentially enabling session hijacking, defacement, or redirection to malicious sites. Given the nature of i-Educar as an educational management system, exploitation could compromise sensitive user data or disrupt educational operations.

For European organizations using Portabilis i-Educar, this XSS vulnerability poses a moderate risk. Educational institutions often handle personal data of students, staff, and faculty, making them attractive targets for attackers seeking to steal credentials or conduct phishing campaigns. Successful exploitation could lead to session hijacking, unauthorized actions on behalf of legitimate users, or distribution of malware through the trusted platform. While the direct impact on system availability or data integrity is limited, the potential for reputational damage and regulatory non-compliance (e.g., GDPR violations due to data exposure) is significant. Additionally, the lack of vendor response and patch availability increases the window of exposure. Remote exploitation capability means attackers do not need physical access, broadening the threat landscape. The requirement for user interaction (e.g., clicking a crafted link) suggests social engineering may be involved, which is plausible in educational environments with diverse user bases. Overall, the vulnerability could disrupt educational services and compromise user trust if exploited.

Given the absence of an official patch, European organizations should implement immediate compensating controls. First, apply strict input validation and output encoding on the 'nome' parameter at the web application firewall (WAF) level to block malicious script payloads targeting this endpoint. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the application context. Conduct user awareness training focusing on phishing and social engineering risks to reduce the likelihood of user interaction with malicious links. Monitor web server logs for unusual requests to /intranet/funcionario_vinculo_cad.php and implement anomaly detection to identify potential exploitation attempts. If feasible, isolate the affected component or restrict access to trusted IP ranges temporarily. Engage with the vendor persistently for patch development and consider alternative software solutions if remediation is delayed. Finally, ensure regular backups and incident response plans are in place to mitigate potential impacts.