CVE-2025-10373

LOW

Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-10373. PoCs published by KarinaGante.

AI-analyzed exploit summary The repository contains a detailed technical writeup for CVE-2025-10373, focusing on a directory traversal vulnerability in the i-Educar software. It includes step-by-step exploitation details, screenshots, and references, demonstrating a clear understanding of the vulnerability.

Description

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /intranet/educar_turma_tipo_cad.php. Such manipulation of the argument nm_tipo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Exploits (1)

github WRITEUP

by KarinaGante · htmlpoc

https://github.com/KarinaGante/KG-Sec/tree/main/CVEs/i-Educar/CVE-2025-10373.md

View Code ZIP pw:eip

The repository contains a detailed technical writeup for CVE-2025-10373, focusing on a directory traversal vulnerability in the i-Educar software. It includes step-by-step exploitation details, screenshots, and references, demonstrating a clear understanding of the vulnerability.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: i-Educar

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.323781

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.323781

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.642826

Various Sources related

https://karinagante.github.io/cve-2025-10373/

Various Sources exploit

https://karinagante.github.io/cve-2025-10373/#proof-of-concept-poc

Scores

CVSS v3 3.5

EPSS 0.0022

EPSS Percentile 12.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

portabilis/i-educar < 2.10.0

Published Sep 13, 2025

Tracked Since Feb 18, 2026