CVE-2025-60239: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Codexpert, Inc CoSchool LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection. This issue affects CoSchool LMS: from n/a through <= 1.4.3.
AI Analysis
Technical Summary
CVE-2025-60239 is an SQL injection vulnerability (improper neutralization of special elements used in an SQL command) in Codexpert, Inc's CoSchool Learning Management System (LMS), affecting versions up to and including 1.4.3. It is a blind SQL injection: the application does not return query results directly, so an attacker infers database contents by sending crafted input and observing differences in application behavior. Remote attackers with low privileges can inject SQL because user-supplied input reaches a query without adequate sanitization or parameterization. The CVSS v3.1 base score is 8.5 (high): the attack vector is network (AV:N), low privileges are required (PR:L), no user interaction is needed (UI:N), attack complexity is high (AC:H), and the scope is changed (S:C), meaning the impact reaches components beyond the vulnerable module. Confidentiality, integrity and availability impacts are all rated high, so an attacker could extract sensitive data, modify or delete records, or disrupt service availability. No in-the-wild exploitation has been reported and no patch is currently linked; the CVE was reserved in late September 2025 and published in early November 2025. The LMS is used primarily in educational environments to manage courses, users, and content, so the data it holds is highly sensitive and critical to institutional operations.
Potential Impact
For European organizations, particularly educational institutions using CoSchool LMS, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized access to student records, grades, personal information, and administrative data, violating data protection regulations such as GDPR. Integrity of educational content and user data could be compromised, undermining trust and operational continuity. Availability impacts could disrupt learning activities and administrative functions, causing reputational damage and financial losses. Given the high severity and scope change, attackers might pivot from the LMS to other connected systems within the network, escalating the breach impact. The lack of current exploits reduces immediate risk but also means organizations must proactively address the vulnerability before attackers develop weaponized exploits. The high attack complexity somewhat limits mass exploitation but does not eliminate targeted attacks against high-value educational targets in Europe.
Mitigation Recommendations
Organizations should immediately inventory their CoSchool LMS deployments and verify versions to identify affected instances (<= 1.4.3). Until official patches are released by Codexpert, implement the following mitigations:
1) Deploy Web Application Firewalls (WAFs) with rules specifically tuned to detect and block SQL injection attempts, including blind SQLi patterns.
2) Conduct rigorous input validation and sanitization on all user-supplied data fields, employing parameterized queries or prepared statements where possible.
3) Restrict database user privileges to the minimum necessary to limit potential damage from injection attacks.
4) Monitor application logs and network traffic for anomalous queries or repeated failed attempts indicative of SQLi probing.
5) Plan and test patch deployment promptly once Codexpert releases an update addressing this vulnerability.
6) Educate system administrators and developers about secure coding practices to prevent similar vulnerabilities.
7) Consider network segmentation to isolate LMS systems from critical infrastructure to reduce lateral movement risk.
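Item 4 asks for log monitoring that can spot SQLi probing. As an added example (not from the advisory or from Codexpert), the script below runs over constructed web-server access-log lines and flags the two signatures of blind SQL injection: time-based (a probe that is answered only after an injected delay) and boolean-based (probes of one endpoint that produce differently sized responses). The `/lms/` path, the `course_id` parameter and the log format are assumptions made for the sample, not CoSchool's real endpoints.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log (not from the page): client, timestamp,
# request line, status, response bytes, response time in milliseconds.
SAMPLE_LOG = """\
203.0.113.7 [06/Nov/2025:16:08:44 +0000] "GET /lms/?course_id=12 HTTP/1.1" 200 5120 83
203.0.113.7 [06/Nov/2025:16:08:45 +0000] "GET /lms/?course_id=12%27%20AND%201%3D1--%20- HTTP/1.1" 200 5120 91
203.0.113.7 [06/Nov/2025:16:08:46 +0000] "GET /lms/?course_id=12%27%20AND%201%3D2--%20- HTTP/1.1" 200 412 88
203.0.113.7 [06/Nov/2025:16:08:47 +0000] "GET /lms/?course_id=12%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 5120 5014
198.51.100.3 [06/Nov/2025:16:09:01 +0000] "GET /lms/?course_id=7 HTTP/1.1" 200 4801 77
"""

LINE = re.compile(r'^(\S+) \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+) (\d+)$')
# SQL metacharacters and timing functions that never belong in a scalar id field.
SQL_TOKENS = re.compile(r"""'|"|--|/\*|\bsleep\s*\(|\bbenchmark\s*\(""", re.IGNORECASE)

def parse_line(line):
    """Return (client, path, decoded query values, bytes, ms) or None."""
    m = LINE.match(line)
    if not m:
        return None
    client, url, size, ms = m.groups()
    parts = urlsplit(url)
    values = [v for _k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return client, parts.path, values, int(size), int(ms)

def analyze(log_text, min_probes=2, slow_ms=3000):
    """Flag (client, path) pairs whose probes show blind-SQLi signatures:
    time-based (a probe answered only after slow_ms, i.e. an injected delay) and
    boolean-based (probes to one endpoint yielding different response sizes)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec[0], rec[1])].append(rec)
    findings = []
    for (client, path), recs in groups.items():
        probes = [r for r in recs if any(SQL_TOKENS.search(v) for v in r[2])]
        if len(probes) < min_probes:
            continue  # a single odd value is noise; repeated probing is the signal
        slow = sum(1 for r in probes if r[4] >= slow_ms)
        indicators = ["time-based"] if slow else []
        if len({r[3] for r in probes}) > 1:
            indicators.append("boolean-based")
        findings.append({"client": client, "path": path, "probes": len(probes),
                         "slow": slow, "indicators": indicators})
    return findings
```

Tune `slow_ms` to the endpoint's normal latency and `min_probes` to the traffic volume; the response-size check needs the log to record bytes sent, which most combined-format logs already do.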
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-25T15:34:44.963Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 690cc80cca26fb4dd2f595dc
Added to database: 11/6/2025, 4:08:44 PM
Last enriched: 1/20/2026, 9:56:38 PM
Last updated: 2/7/2026, 11:21:48 AM
Views: 30