CVE-2025-9724 is a cross-site scripting (XSS) vulnerability identified in the Portabilis i-Educar platform, specifically affecting versions 2.0 through 2.10. The vulnerability resides in the /intranet/educar_nivel_ensino_cad.php file, where improper sanitization or validation of the nm_nivel/descricao parameter allows an attacker to inject malicious scripts. This flaw enables remote attackers to execute arbitrary JavaScript code in the context of the victim's browser without requiring authentication. The vulnerability is exploitable over the network with low attack complexity and does not require privileges or prior user interaction, although some user interaction may be needed to trigger the malicious payload. The CVSS v4.0 base score is 5.1, indicating a medium severity level. The vulnerability could be leveraged to perform actions such as session hijacking, defacement, or redirecting users to malicious sites. Although no known exploits are currently observed in the wild, public disclosure of the exploit code increases the risk of exploitation. The vulnerability impacts confidentiality and integrity primarily, with limited direct impact on availability. The scope is limited to the affected i-Educar installations, which are educational management systems used primarily by schools and educational institutions for administrative purposes.

For European organizations, particularly educational institutions using Portabilis i-Educar, this vulnerability poses a risk of unauthorized script execution within users' browsers. This can lead to theft of session cookies, user impersonation, phishing attacks, or unauthorized actions performed on behalf of legitimate users. The impact is significant in environments where sensitive student or staff data is managed, potentially leading to data breaches or reputational damage. Since i-Educar is an educational management platform, exploitation could disrupt administrative workflows or compromise personal information of students and staff. Additionally, the presence of malicious scripts could be used to spread malware or conduct further attacks within the network. Given the remote exploitability and public availability of exploit code, European educational institutions must prioritize addressing this vulnerability to prevent exploitation.

Organizations should immediately audit their i-Educar installations to identify affected versions (2.0 through 2.10). Since no official patch links are provided, mitigation should include applying any vendor-released patches or updates once available. In the interim, implement input validation and output encoding on the nm_nivel/descricao parameter to neutralize malicious scripts. Employ web application firewalls (WAFs) with rules targeting XSS payloads to block exploit attempts. Educate users to recognize suspicious links or unexpected behavior within the i-Educar platform. Restrict access to the intranet portion of the application to trusted IP ranges and enforce strict authentication and session management controls. Conduct regular security assessments and penetration testing focused on web application vulnerabilities. Monitoring logs for unusual activity related to the vulnerable endpoint can help detect exploitation attempts early.