CVE-2025-65135 identifies a time-based blind SQL injection vulnerability in the manikandan580 School-management-system version 1.0. The flaw is located in the /studentms/admin/between-date-reprtsdetails.php script, specifically through the fromdate POST parameter. Exploitation requires no authentication or user interaction and can result in high impact including availability, confidentiality, and integrity loss of the affected system. The vulnerability has a CVSS v3.1 base score of 9.8, reflecting its critical nature. No vendor advisory or patch information is provided, and no known exploits are reported in the wild.

Successful exploitation of this vulnerability can allow an unauthenticated attacker to perform time-based blind SQL injection attacks, potentially leading to unauthorized data disclosure, data modification, or denial of service. The critical CVSS score indicates that the impact on confidentiality, integrity, and availability is high. Since no privileges or user interaction are required, the attack surface is broad.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, it is recommended to implement input validation and parameterized queries on the affected endpoint to mitigate SQL injection risks. Monitor for updates from the vendor or trusted security sources regarding patches or official mitigations.