CVE Catalog

CVE-2025-45949

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile - higher than 34% of all known CVEs

Summary

A critical vulnerability in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel. Improper session data handling allows a Session Hijacking attack, leading to account takeover.

Risk Assessment

An attacker can remotely hijack an authenticated user's session, gaining full access to their account and data, potentially leading to identity theft or unauthorized actions.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement session protection mechanisms such as session ID regeneration after login and session data validation.

Original NVD description (English source)

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS