CVE-2025-25356
Published: 13 February 2025
Summary
CVE-2025-25356 is a high-severity SQL Injection (CWE-89) vulnerability in Phpgurukul Land Record System. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection attacks by validating and sanitizing the 'todate' POST parameter before processing database queries.
Requires timely identification, reporting, and remediation of the SQL injection flaw in /admin/bwdates-reports-details.php.
Enables monitoring of the system for indicators of SQL injection exploitation attempts via anomalous database queries or behavior.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in web application allows remote exploitation for initial access (T1190) and arbitrary database queries for data collection (T1213.006).
NVD Description
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter.
Deeper analysisAI
CVE-2025-25356 is a SQL injection vulnerability (CWE-89) in the /admin/bwdates-reports-details.php component of PHPGurukul Land Record System version 1.0. It allows remote attackers to execute arbitrary code by injecting malicious payloads into the "todate" POST request parameter. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-02-13.
Attackers require high privileges (PR:H), such as administrative access, to exploit this over the network with low complexity and no user interaction. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability, potentially allowing full compromise of the affected system.
References point to GitHub writeups detailing the SQL injection in the "todate" parameter, available at https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/SQL%20Injection%20tadate.pdf. No specific mitigation or patch details are provided in the available information.
Details
- CWE(s)