PT-2025-38139 · Portabilis · Portabilis I-Educar
Marceloqz · Published 2025-09-17 · Updated 2025-09-17 · CVE-2025-10590
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Portabilis i-Educar versions up to 2.10
Description
A security flaw exists in Portabilis i-Educar up to version 2.10. The flaw is related to cross-site scripting, triggered by manipulating the ref_pessoa argument of an unknown function within the /intranet/educar_usuario_det.php file. This attack can be executed remotely. The exploit has been released publicly.
Recommendations
Versions prior to 2.10 should be updated.
As a temporary workaround, restrict access to the /intranet/educar_usuario_det.php file.
Sanitize the ref_pessoa argument to prevent the injection of malicious scripts.
Exploit · Fix · XSS · Code Injection
Affected Products
Portabilis I-Educar