CVE-2025-8784 is a cross-site scripting (XSS) vulnerability identified in the Portabilis i-Educar platform, specifically affecting versions 2.0 through 2.9. The vulnerability exists in the /intranet/funcionario_vinculo_cad.php file within the 'Cadastrar Vínculo' page component. It arises due to improper sanitization or validation of the 'nome' parameter, which can be manipulated by an attacker to inject malicious scripts. This vulnerability is remotely exploitable without requiring authentication, although it requires some user interaction to trigger the malicious payload. The CVSS 4.0 score is 5.1 (medium severity), reflecting the attack vector as network-based with low attack complexity, no privileges required, but requiring user interaction. The impact primarily affects the confidentiality and integrity of user sessions and data, potentially allowing attackers to execute arbitrary scripts in the context of the victim's browser. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vendor was notified early but has not responded or provided a patch, and no official remediation is currently available. Although no known exploits are reported in the wild, the public disclosure of the exploit increases the risk of exploitation.

For European organizations using Portabilis i-Educar, particularly educational institutions and administrative bodies, this vulnerability poses a risk of unauthorized access to sensitive information and disruption of normal operations. Successful exploitation could allow attackers to steal session cookies or credentials of staff members, leading to unauthorized data access or manipulation. Given that i-Educar is an education management system, the confidentiality of student and employee data could be compromised, violating GDPR and other data protection regulations. The integrity of administrative processes could also be undermined, affecting trust and operational continuity. The requirement for user interaction means social engineering or phishing campaigns could be used to exploit this vulnerability. The lack of vendor response and patches increases the window of exposure, making timely mitigation critical.

European organizations should implement immediate compensating controls such as input validation and output encoding at the application or web server level to sanitize the 'nome' parameter. Deploying a Web Application Firewall (WAF) with custom rules to detect and block XSS payloads targeting the vulnerable endpoint can reduce risk. Educate users and staff about phishing and social engineering risks to minimize user interaction exploitation. Monitor web server logs for suspicious requests to /intranet/funcionario_vinculo_cad.php and unusual user activity. If possible, restrict access to the intranet page to trusted IP ranges or via VPN to limit exposure. Organizations should also consider isolating the affected system and applying strict access controls until a vendor patch or official fix is available. Regular backups and incident response plans should be updated to handle potential exploitation scenarios.