Socials

Table of contents

  1. CVE-2025-9724
  2. Introduction
  3. What is CVE-2025-9724?
  4. Technical Details
  5. Proof of Concept (PoC)
  6. Impact
  7. Official Sources
  8. Credits
CVE-2025-9724 CVE-2025-9724

CVE-2025-9724

8/31/2025 / 3 minutes to read / Tags: CVEs, XSS, i-Educar

Introduction

While exploring i-Educar system, I discovered multiples stored XSS vulnerabilities in the /intranet/educar_nivel_ensino_cad.php endpoint. The nm_nivel and descricao parameters, allows the injection of malicious scripts without any sanitization.

These scripts are stored in the database and executed automatically when the /intranet/educar_nivel_ensino_det.php?cod_nivel_ensino=[id] page is accessed.

In this post, I’ll walk you through the technical details, how the vulnerability was exploited (PoC), screenshots with real evidence, and the security risks it represents in real-world environments.

What is CVE-2025-9724?

The CVE-2025-9724 refers two stored Stored Cross-Site Scripting (XSS) vulnerability found in the /intranet/educar_nivel_ensino_cad.php endpoint of the i-Educar application.

The nm_nivel and descricao parameters fails to properly validate user inputs, allowing attackers to persist JavaScript payloads on the server. The malicious code is executed when the /intranet/educar_nivel_ensino_det.php?cod_nivel_ensino=[id] page is loaded, impacting any user who visits it.

Technical Details

» Vulnerable Endpoint: /intranet/educar_nivel_ensino_cad.php

» Affected Parameters: nm_nivel, descricao

» Trigger Page: /intranet/educar_nivel_ensino_det.php?cod_nivel_ensino=[id]

» Payload Used:

"><img src=x onerror=alert('CVE-Hunters')>

Proof of Concept (PoC)

To reproduce the vulnerability:

» Access the endpoint: /intranet/educar_nivel_ensino_cad.php;

» Select default option on first field;

» Insert the payload in both fields: “Nível Ensino” and "Descrição";

» Click on: “Salvar”

The /intranet/educar_nivel_ensino_det.php?cod_nivel_ensino=[id] page will automatically load, triggering the malicious payloads:

  • Parameter nm_nivel:
  • Parameter descricao:

You can access the full technical report with all step-by-step evidence here:

CVE-2025-9724 Report

Impact

This Cross-Site Scripting (XSS) vulnerability can be exploited to:

  • Steal session cookies (session hijacking);
  • Install malware on victims’ devices;
  • Steal credentials stored in the browser;
  • Redirect users to malicious websites;
  • Deface the application interface;
  • Damage the institutional reputation.

Official Sources

This vulnerability was reported responsibly and is publicly registered as:

Credits

Discovered with💜 by Karina Gante.

LinkedInGitHubGmailInstagram

Official Member of CVE-Hunters🏹

← Back to blog