CVE-2025-8540

LOW

Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_municipio_cad.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-8540. PoCs published by KarinaGante.

AI-analyzed exploit summary The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-8540, with in-depth analysis, proof-of-concept steps, and payloads. It focuses on vulnerabilities like XSS via SVG file upload bypass and directory traversal attacks.

Description

A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WRITEUP
by KarinaGante · htmlpoc
https://github.com/KarinaGante/KG-Sec/tree/main/CVEs/i-Educar/CVE-2025-8540.md

The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-8540, with in-depth analysis, proof-of-concept steps, and payloads. It focuses on vulnerabilities like XSS via SVG file upload bypass and directory traversal attacks.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: NovoSGA, Scada-LTS, i-Educar
Auth required
Prerequisites: access to admin endpoint · ability to upload SVG files
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.318669
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.318669
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.620456
Exploit, Third Party Advisory exploit
https://karinagante.github.io/cve-2025-8540/

Scores

CVSS v3 2.4
EPSS 0.0028
EPSS Percentile 19.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
portabilis/i-educar 2.10.0
Published Aug 05, 2025
Tracked Since Feb 18, 2026