CVE-2025-25355
Published: 13 February 2025
Summary
CVE-2025-25355 is a high-severity SQL Injection (CWE-89) vulnerability in Phpgurukul Land Record System. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of untrusted inputs like the 'fromdate' POST parameter to block SQL injection payloads before they reach the database.
Mandates timely identification, reporting, and remediation of flaws such as this SQL injection vulnerability through patching or secure coding fixes.
Provides boundary protection via web application firewalls or proxies to inspect and filter malicious POST requests targeting SQL injection in admin endpoints.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing web application (/admin/bwdates-reports-details.php) enables remote exploitation (T1190) and arbitrary SQL query execution for database data collection (T1213.006).
NVD Description
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter.
Deeper analysisAI
CVE-2025-25355 is a SQL injection vulnerability in the /admin/bwdates-reports-details.php component of PHPGurukul Land Record System version 1.0. The flaw allows remote attackers to execute arbitrary code by injecting malicious payloads into the 'fromdate' POST request parameter. Published on 2025-02-13, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-89.
Exploitation targets users with high privileges, such as authenticated administrators, who can submit crafted POST requests to the vulnerable endpoint over the network. The attack requires low complexity and no user interaction, enabling attackers to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise.
References point to GitHub writeups detailing the SQL injection via the 'fromdate' parameter, including proof-of-concept information in PDF format. No specific patch or mitigation details are outlined in the provided sources.
Details
- CWE(s)