Cross-Site Scripting Vulnerability in Portabilis i-Educar Software
CVE-2025-10373
Key Information:
- Vendor
Portabilis
- Status
- Vendor
- CVE Published:
- 13 September 2025
Badges
What is CVE-2025-10373?
A security vulnerability has been identified in Portabilis i-Educar, specifically in the intranet interface used for educational management. The vulnerability allows for cross-site scripting (XSS) via the nm_tipo parameter of the educar_turma_tipo_cad.php file. This flaw can be exploited by attackers remotely, enabling them to inject malicious scripts into the web application. Given that the vulnerability has been publicly disclosed, it poses a significant risk to users of the software. It is essential for organizations to address this issue promptly by applying necessary patches or changes to safeguard against potential attacks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
i-Educar 2.0
i-Educar 2.1
i-Educar 2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved