{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-65133", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T12:06:24.330Z", "dateReserved": "2025-11-18T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T15:05:54.320Z"}, "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/poc.md", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T11:39:35.416562Z", "id": "CVE-2025-65133", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:06:24.330Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-65133", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T11:39:35.416562Z"}}}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/poc.md", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T11:39:28.293Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md"}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T15:05:54.320Z"}}}, "cveMetadata": {"cveId": "CVE-2025-65133", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:06:24.330Z", "dateReserved": "2025-11-18T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information."}], "id": "CVE-2025-65133", "lastModified": "2026-04-16T13:16:46.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T16:16:34.180", "references": [{"source": "cve@mitre.org", "url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/poc.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "school_management_system", "vendor": "manikandan580"}], "analysis": {"en": {"generated_at": "2026-04-17T08:54:47.782101+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or repository for any released updates or patches to address the vulnerability.", "Restrict access to the vulnerable HTTP endpoint by applying firewall rules or IP whitelisting.", "Implement server\u2011side input validation and enforce parameterized database queries on the affected endpoint.", "Monitor application logs for suspicious query patterns or repeated failed requests."], "summary": {"action": "Apply Update", "impact": "Remote SQL injection allowing data extraction"}, "threat_synthesis": {"affected_systems": "The affected product is the School Management System version 1.0 developed by manikandan580. No other vendors or versions are listed.", "description_and_impact": "A SQL injection vulnerability permits attackers to alter database queries through crafted HTTP requests. The flaw is exploitable by unauthenticated or authenticated users and can lead to extraction of sensitive database contents such as student records, login credentials, or administrative data. This represents a significant confidentiality breach and, if the attacker gains write privileges, could also modify or delete critical information. The weakness corresponds to the classic SQL injection flaw (CWE\u201189).", "risk_and_exploitability": "Because the vulnerability is accessible via an HTTP endpoint without requiring authentication, the attack vector is likely straightforward for remote actors. The EPSS score of 0.0003% indicates a very low probability of exploitation by malicious actors, but the CVSS score of 9.8 signifies critical severity. The issue is not catalogued by CISA, yet the lack of authentication and potential for data leakage suggest a high risk level for any system hosting the unpatched application."}}}}, "created": "2026-04-14T16:31:41.659347+00:00", "updated": "2026-04-17T09:00:10.969134+00:00", "vendors": ["manikandan580", "manikandan580$PRODUCT$school_management_system"], "weaknesses": ["CWE-89"]}