CVE-2025-8367
📋 TL;DR
A reflected cross-site scripting (XSS) vulnerability exists in Portabilis i-Educar 2.9: the 'nome' parameter of /intranet/funcionario_vinculo_lst.php is written back into the response without sanitization or output encoding. An attacker who gets a user to open a crafted URL can therefore run arbitrary script in that user's browser, in the context of the application. Organizations running i-Educar 2.9 are affected.
💻 Affected Systems
- Portabilis i-Educar
📦 What is this software?
i-Educar, an open-source school management system published by Portabilis
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or deface the application interface.
Likely Case
Session hijacking leading to unauthorized access to student/employee data, or credential theft through phishing-style attacks.
If Mitigated
Limited impact if the reflected value is HTML-encoded at the point of output (the actual fix), input validation rejects values that cannot be a person's name, a strict Content Security Policy (no 'unsafe-inline') blocks injected inline script, and session cookies are HttpOnly so a successful injection cannot simply read them.
🎯 Exploit Status
The payload is trivial to craft; exploitation needs a victim with a valid session on the application to open the crafted link (phishing e-mail, chat message, or a link planted on another page).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch is referenced for this CVE. Check the i-Educar releases for a version newer than 2.9 and upgrade if one exists; otherwise apply the workarounds below.
🔧 Temporary Workarounds
Output Encoding and Input Validation
Edit /intranet/funcionario_vinculo_lst.php so that the 'nome' value is HTML-encoded (htmlspecialchars with ENT_QUOTES and the UTF-8 charset) everywhere it is written into the page, including inside attribute values. Input validation (length limit, letters, spaces and common name punctuation only) is a useful second layer but is not a substitute: the bug is in the output, so the fix must be at the output.
Web Application Firewall Rule
Block requests to /intranet/funcionario_vinculo_lst.php whose 'nome' parameter contains script tags, event-handler attributes (on...=) or javascript: URLs. The rule must match on the URL-decoded value (including double-encoded forms such as %253C) and case-insensitively, or it is bypassed trivially.
WAF-specific configuration required; treat this as a stopgap until the code is fixed.
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers that disallow inline script ('unsafe-inline'); a CSP that still permits inline script does not stop this payload
- Restrict access to /intranet/funcionario_vinculo_lst.php to trusted networks (VPN or internal IP ranges) so that a crafted link cannot be opened from the outside
🔍 How to Verify
Check if Vulnerable:
Request /intranet/funcionario_vinculo_lst.php?nome=%3Cscript%3Ealert('XSS')%3C/script%3E (the payload <script>alert('XSS')</script>, URL-encoded; if the intranet area requires a login, use a valid session) and inspect the response source. If the tags come back unencoded, the instance is vulnerable. Do not rely on the alert popup alone: a CSP or browser protection can suppress it even though the reflection is there.
Check Version:
Check i-Educar version in admin panel or configuration files.
Verify Fix Applied:
Retest with the same payload; the response source should show the value HTML-encoded (&lt;script&gt; rather than <script>) and nothing should execute.
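The check described above, as an added example that is not part of the advisory or of i-Educar itself. It classifies a raw response body as reflecting the probe unencoded ("vulnerable"), entity-encoded ("encoded") or not at all ("absent"), so the result does not depend on whether a browser actually shows the alert. The base URL, the User-Agent string and the sample response fragments are assumptions/constructed; the endpoint and payload are the ones the advisory names.

```python
"""Checker for the 'nome' reflection in /intranet/funcionario_vinculo_lst.php (added example)."""
import html
import sys
import urllib.parse
import urllib.request
from typing import Optional

ENDPOINT = "/intranet/funcionario_vinculo_lst.php"
PAYLOAD = "<script>alert('XSS')</script>"  # the probe from the advisory


def build_test_url(base_url: str, payload: str = PAYLOAD) -> str:
    """Percent-encode the probe so the server receives exactly the payload string."""
    query = urllib.parse.urlencode({"nome": payload})
    return base_url.rstrip("/") + ENDPOINT + "?" + query


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Classify how the response reflects the probe.

    'vulnerable' - probe present verbatim, tags intact (script would run)
    'encoded'    - probe present only as HTML entities (&lt;script&gt; ...), i.e. fixed
    'absent'     - probe not reflected (filtered, or a different code path)
    """
    if payload in body:
        return "vulnerable"
    # html.unescape turns &lt; &gt; &#039; &#x27; &apos; ... back into characters, so this
    # branch recognises output produced by htmlspecialchars() with ENT_QUOTES in any flavour
    if payload in html.unescape(body):
        return "encoded"
    return "absent"


def check_live(base_url: str, session_cookie: Optional[str] = None, timeout: int = 10) -> str:
    """Fetch the probe URL and classify the raw body (no browser, so no CSP or XSS filter in the way)."""
    req = urllib.request.Request(build_test_url(base_url),
                                 headers={"User-Agent": "cve-2025-8367-check"})  # assumed UA string
    if session_cookie:  # pass the session cookie if the intranet area requires a login
        req.add_header("Cookie", session_cookie)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, errors="replace")
    return classify_reflection(body)


# Constructed sample responses (not captured from a real i-Educar instance)
SAMPLE_VULNERABLE = "<tr><td>Busca: <script>alert('XSS')</script></td></tr>"
SAMPLE_ENCODED = "<tr><td>Busca: &lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;</td></tr>"
SAMPLE_ABSENT = "<tr><td>Busca: </td></tr>"


if __name__ == "__main__":
    if len(sys.argv) >= 2:  # usage: python check.py https://host [session-cookie]
        cookie = sys.argv[2] if len(sys.argv) > 2 else None
        print(check_live(sys.argv[1], cookie))
    else:
        for name, sample in [("vulnerable", SAMPLE_VULNERABLE),
                             ("encoded", SAMPLE_ENCODED), ("absent", SAMPLE_ABSENT)]:
            print(name, "->", classify_reflection(sample))
```

Run it with a base URL (and, if needed, a session cookie) to test an instance, or with no arguments to see the three classifications on the constructed samples. The "encoded" result is what you should see after the fix in the Verify Fix Applied step.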
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to funcionario_vinculo_lst.php with script tags or encoded payloads in parameters
Network Indicators:
- Percent-encoded angle brackets (%3C, %3E), quotes or parentheses in the nome parameter of GET requests to the vulnerable endpoint, especially from automation user agents or with no Referer
SIEM Query:
source="web_logs" AND uri_path="/intranet/funcionario_vinculo_lst.php" AND (query_string CONTAINS "<script" OR query_string CONTAINS "%3Cscript" OR query_string CONTAINS "javascript:" OR query_string CONTAINS "onerror=")
(Apply URL decoding to query_string before matching where the SIEM supports it; a literal "<script>" match misses the percent-encoded form the browser actually sends.)
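The decode-then-match logic behind both the WAF workaround and the SIEM query, as an added example that is not part of the advisory or of i-Educar. `should_block` is the request-time decision a WAF rule would implement, and `scan_access_log` runs the same logic over combined-format access log lines; both percent-decode repeatedly so a double-encoded probe (%253Cscript) is caught, and both ignore other paths. The pattern list is a minimal assumption, not a complete XSS signature set, and the log lines are constructed, not from a real deployment.

```python
"""Decode-then-match for the 'nome' parameter of /intranet/funcionario_vinculo_lst.php (added example)."""
import re
import urllib.parse
from typing import Iterable, List, Tuple

VULN_PATH = "/intranet/funcionario_vinculo_lst.php"

# Apache/nginx combined log format; only the fields the scan needs are captured
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Tag openers, javascript: URLs and on*= handlers, matched case-insensitively on DECODED text.
# Assumed minimal set for illustration; extend it for production use.
XSS_RE = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed|body|style)\b|javascript\s*:|\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so %253Cscript%253E (double-encoded) becomes <script>."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def nome_values(target: str) -> List[str]:
    """Decoded 'nome' values from a request target (path?query); [] if the path is not the vulnerable one."""
    path, _, query = target.partition("?")
    if path != VULN_PATH:
        return []
    params = urllib.parse.parse_qs(query, keep_blank_values=True)  # decodes once
    return [fully_decode(v) for v in params.get("nome", [])]


def is_xss_probe(value: str) -> bool:
    return XSS_RE.search(value) is not None


def should_block(target: str) -> bool:
    """WAF-style decision for one request target."""
    return any(is_xss_probe(v) for v in nome_values(target))


def scan_access_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, timestamp, decoded_nome) for every request carrying a probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in nome_values(m["target"]):
            if is_xss_probe(value):
                hits.append((m["ip"], m["ts"], value))
    return hits


# Constructed sample log: plain probe, benign search, double-encoded probe, and a probe
# against a different path (out of scope for this rule)
SAMPLE_LOG = """
203.0.113.10 - - [10/Aug/2025:14:02:11 -0300] "GET /intranet/funcionario_vinculo_lst.php?nome=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Aug/2025:14:03:40 -0300] "GET /intranet/funcionario_vinculo_lst.php?nome=Maria+Silva HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2025:14:05:02 -0300] "GET /intranet/funcionario_vinculo_lst.php?nome=%253Cimg%2520src%253Dx%2520onerror%253Dalert%25281%2529%253E HTTP/1.1" 200 4990 "-" "curl/8.4.0"
198.51.100.8 - - [10/Aug/2025:14:06:30 -0300] "GET /intranet/index.php?nome=%3Cscript%3E HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
""".strip().splitlines()


if __name__ == "__main__":
    for ip, ts, value in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} nome={value!r}")
```

Note that the third sample line contains no literal "<script" or "%3Cscript" at all; a SIEM query that matches the encoded string only once would miss it, which is why the decode step comes before the match.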