CVE-2025-9724
BaseFortify
Publication date: 2025-08-31
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9724 is a cross-site scripting (XSS) vulnerability in Portabilis i-Educar versions up to 2.10, specifically in the file /intranet/educar_nivel_ensino_cad.php. It occurs because the application does not properly validate or sanitize user inputs in the parameters nm_nivel and descricao. Attackers can inject malicious scripts into these parameters, which are then stored and executed when users access affected pages. This allows remote attackers to execute scripts in the context of the victim's browser, potentially requiring some user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to several impacts including theft of session cookies enabling session hijacking, download and installation of malware on victim systems, browser hijacking, theft of user credentials, unauthorized access to sensitive information stored in user accounts or browsers, website defacement, misdirection of users by altering website content or instructions, and damage to business reputation through misinformation or defacement. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint `/intranet/educar_nivel_ensino_cad.php` and testing the parameters `nm_nivel` and `descricao` for improper input sanitization. One method is to use Google dorking with the query `inurl:intranet/educar_nivel_ensino_cad.php` to identify potentially vulnerable targets. Additionally, you can manually test by injecting a payload such as `"><img src=x onerror=alert('CVE-Hunters')>` into the "NΓvel Ensino" and "Descrição" fields on the vulnerable page and observe if the script executes on the trigger page `/intranet/educar_transferencia_tipo_lst.php`. Commands to detect this might include using curl or wget to send crafted requests, for example: `curl -X POST -d "nm_nivel=\"><img src=x onerror=alert('test')>&descricao=test" http://target/intranet/educar_nivel_ensino_cad.php` and then checking the response or subsequent pages for script execution. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known mitigations or countermeasures recommended for this vulnerability. The suggested immediate step is to replace the affected component (Portabilis i-Educar up to version 2.10) with an alternative product that is not vulnerable. Until a patch or fix is available, restricting access to the vulnerable endpoints and monitoring for exploitation attempts may help reduce risk. [1]