CVE-2025-8785: Cross Site Scripting in Portabilis i-Educar
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-8785 is a cross-site scripting (XSS) vulnerability identified in the Portabilis i-Educar platform, versions 2.0 through 2.9. The vulnerability arises from improper handling of user-supplied input parameters, specifically nm_pessoa, matricula, and matricula_interna, within the /intranet/educar_usuario_lst.php file. An attacker can remotely exploit this flaw by injecting malicious scripts into these parameters, which are then processed without adequate sanitization or encoding. When a victim user accesses the affected page, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability does not require authentication but does require user interaction (i.e., the victim must visit a crafted URL). The CVSS 4.0 score is 5.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and limited impact on integrity and availability. The vendor has been notified but has not responded or issued a patch, and no known exploits are currently observed in the wild. However, public disclosure of the exploit code increases the risk of exploitation attempts. Given that i-Educar is an education management system, the vulnerability could affect sensitive student and staff data if exploited.
Potential Impact
For European organizations, particularly educational institutions using Portabilis i-Educar, this vulnerability poses a risk to the confidentiality and integrity of user data. Successful exploitation could allow attackers to steal session cookies, impersonate users, or execute unauthorized actions within the application. This could lead to unauthorized access to personal data of students and staff, potentially violating GDPR requirements and resulting in regulatory penalties. Furthermore, exploitation could undermine trust in the institution's IT systems and disrupt normal educational operations. While availability impact is limited, the reputational damage and compliance risks are significant. Since the vulnerability is remotely exploitable and requires no authentication, attackers could target multiple users via phishing or malicious links, increasing the threat surface. European organizations with limited IT security resources or lacking timely patch management processes are particularly vulnerable.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement immediate compensating controls. These include:
1) Apply input validation and output encoding at the web application firewall (WAF) or reverse proxy level to detect and block malicious payloads targeting the vulnerable parameters.
2) Deploy Content Security Policy (CSP) headers to restrict script execution and reduce the impact of XSS attacks.
3) Educate users to avoid clicking suspicious links and implement email filtering to reduce phishing risks.
4) Monitor web server logs for unusual parameter values or repeated access attempts to /intranet/educar_usuario_lst.php.
5) If feasible, restrict access to the intranet page to trusted IP ranges or via VPN to reduce exposure.
6) Plan for an upgrade or patch deployment once the vendor releases a fix.
7) Conduct regular security assessments and penetration testing focused on input validation weaknesses.
These measures, combined, can reduce the risk until a vendor patch is available.
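One way to implement the log monitoring in step 4, as an added example that is not part of this advisory or of the i-Educar project: a Python script that parses common-format access log lines, keeps only requests to /intranet/educar_usuario_lst.php, and flags values of nm_pessoa, matricula or matricula_interna that contain markup or script-like fragments, including double-encoded ones. The sample log lines, client addresses and the heuristic pattern are constructed for the demonstration and should be tuned to local data before being used for alerting.

```python
import re
import urllib.parse
# Path and parameters named in the CVE-2025-8785 description.
WATCHED_PATH = "/intranet/educar_usuario_lst.php"
WATCHED_PARAMS = {"nm_pessoa", "matricula", "matricula_interna"}
# Heuristic (assumption): markup/script fragments that do not belong in a name or enrolment number.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z]|javascript\s*:|on[a-z]+\s*=|&#x?[0-9a-f]+;", re.IGNORECASE
)
# Common log format: client - - [time] "METHOD target HTTP/x" status size
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_request(line):
    """Return (client, path, {param: [values]}) for one log line, or None if unparsable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urllib.parse.urlsplit(m.group("target"))
    return m.group("client"), url.path, urllib.parse.parse_qs(url.query, keep_blank_values=True)

def find_xss_attempts(lines):
    """Yield (client, param, decoded_value) for suspicious values sent to the watched path."""
    for line in lines:
        parsed = parse_request(line)
        if parsed is None:
            continue
        client, path, params = parsed
        if path != WATCHED_PATH:
            continue
        for name in sorted(params.keys() & WATCHED_PARAMS):
            for value in params[name]:
                # parse_qs decoded once; decode again so double-encoded payloads are seen in final form.
                decoded = urllib.parse.unquote(value)
                if SUSPICIOUS.search(decoded):
                    yield client, name, decoded

# Constructed sample log lines for demonstration; not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Aug/2025:09:12:01 +0000] "GET /intranet/educar_usuario_lst.php?nm_pessoa=Maria%20Silva HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Aug/2025:09:12:44 +0000] "GET /intranet/educar_usuario_lst.php?matricula=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [10/Aug/2025:09:13:02 +0000] "GET /intranet/educar_usuario_lst.php?nm_pessoa=%2522%2520onmouseover%253Dalert(1) HTTP/1.1" 200 5288',
    '198.51.100.8 - - [10/Aug/2025:09:14:10 +0000] "GET /intranet/educar_curso_lst.php?nm_curso=%3Cb%3E HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for client, name, value in find_xss_attempts(SAMPLE_LOG):
        print(f"ALERT client={client} param={name} value={value!r}")
```

Requests to other pages and ordinary names pass through silently; only the two constructed probes against the watched parameters are reported, which is the signal step 4 asks operators to watch for.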
Affected Countries
Portugal, Spain, Italy, France, Germany, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-09T05:11:17.292Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6897de23ad5a09ad000f1481
Added to database: 8/9/2025, 11:47:47 PM
Last enriched: 8/17/2025, 1:01:23 AM
Last updated: 9/22/2025, 7:09:31 AM