School Fees Payment System - SQLi (CVE-2025-6403)
13 exploiting IPs reported
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CrowdSec analysis
CVE-2025-6403 is a critical SQL injection vulnerability in code-projects School Fees Payment System 1.0, specifically affecting the /student.php file via the ID parameter. This flaw allows remote attackers to manipulate database queries, potentially leading to unauthorized data access or modification. With public exploit code available, the risk of real-world attacks is significantly heightened.
CrowdSec has been tracking this vulnerability and its exploits since the 19th of November 2025.
Data from the CrowdSec community indicates that exploitation of CVE-2025-6403 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-6403 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-6403 is currently experiencing high visibility and active exploitation across the internet.
Attackers exploit the /student.php endpoint by injecting SQL commands into the id parameter, often using payloads built on functions like EXTRACTVALUE or SLEEP to trigger database errors or time delays, which indicate that the injection attempt succeeded.
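A log check for the pattern described above, as an added example that is not CrowdSec's detection rule or code from the original page: it flags requests to /student.php whose id parameter contains an EXTRACTVALUE or SLEEP call. The combined access-log format, the sample lines and the assumption that a legitimate id is a plain integer are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Function names the page reports in payloads sent to /student.php.
SQLI_FUNCS = re.compile(r"\b(extractvalue|sleep)\s*\(", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return 'sqli', 'non-numeric' or None for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/student.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
    values = [v for k, vs in params.items() if k.lower() == "id" for v in vs]
    if any(SQLI_FUNCS.search(v) for v in values):
        return "sqli"
    # Assumption: a legitimate id is a plain integer, so anything else is suspect.
    if any(not v.strip().isdigit() for v in values):
        return "non-numeric"
    return None

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2025:10:00:01 +0000] "GET /student.php?id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Nov/2025:10:00:05 +0000] "GET /student.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 0',
    '203.0.113.9 - - [20/Nov/2025:10:00:09 +0000] "GET /student.php?ID=1+and+extractvalue(1,1) HTTP/1.1" 200 87',
    '192.0.2.10 - - [20/Nov/2025:10:00:12 +0000] "GET /student.php?id=abc HTTP/1.1" 200 40',
    '192.0.2.10 - - [20/Nov/2025:10:00:15 +0000] "GET /index.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 404 0',
]

def scan(lines):
    """Return (client_ip, verdict) for every flagged line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

The function-name match only covers the two indicators named above; the non-numeric check is the broader net and catches obfuscated variants that the regex misses.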
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.