CVE-2025-26200
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2025-26200 is a newly disclosed SQL injection vulnerability that affects version 9.6.1 of the SLIMS (School Information Management System) software. An attacker can exploit this issue by manipulating the month parameter in the visitor_report_day.php component, which enables them to escalate privileges remotely and potentially gain unauthorized access to sensitive data. This vulnerability poses a significant risk to schools and educational institutions that use SLIMS and have not yet applied the necessary security patches. It is strongly recommended that users update their systems as soon as possible to mitigate the risk of exploitation.
Affected Products
- Slims