Cyber Resilience

CVE-2025-51414

High · RCE

Published: 13 April 2026

Modified: 17 April 2026
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0031 (22.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-51414 is a high-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 22.0th percentile by exploit likelihood (EPSS, below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-51414 is an arbitrary file upload vulnerability in Phpgurukul Online Course Registration version 3.1, specifically affecting the profile picture upload functionality on the /my-profile.php page. This flaw, associated with CWE-94 (code injection), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts over the network with low complexity and only low privileges required.

The vulnerability can be exploited by authenticated users with low privileges, such as registered participants, who can upload arbitrary files disguised as profile pictures via the affected endpoint. Successful exploitation allows attackers to upload malicious files, potentially leading to remote code execution, server compromise, or other high-impact actions as reflected in the CVSS impact metrics.

Mitigation details and further technical analysis are available in advisories referenced at https://github.com/12T40910/CVE/issues/12 and https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7, published alongside the CVE disclosure on 2026-04-13.

Vulnerability details

In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.

CWE(s): CWE-94 Code Injection

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer (Command and Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

An arbitrary file upload in a public-facing web application directly enables initial exploitation (T1190), tool and file ingress (T1105), and web shell deployment for RCE (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30117 (shared CWE-94)
CVE-2024-54724 (shared CWE-94)
CVE-2026-32367 (shared CWE-94)
CVE-2026-27044 (shared CWE-94)
CVE-2025-66224 (shared CWE-94)
CVE-2026-2296 (shared CWE-94)
CVE-2025-52744 (shared CWE-94)
CVE-2026-42607 (shared CWE-94)
CVE-2024-13890 (shared CWE-94)
CVE-2021-47778 (shared CWE-94)

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (prevent)

Requires validation of profile picture uploads so that only legitimate image files are accepted, directly preventing the arbitrary file uploads that lead to code injection.

SI-3 Malicious Code Protection (prevent, detect)

Implements malicious code protection mechanisms, such as antivirus scanning of uploaded files, to block or detect web shells and other exploits disguised as profile pictures.

SI-2 Flaw Remediation (prevent)

Mandates timely identification, reporting, and patching of the specific flaw in the /my-profile.php upload handler to remediate the arbitrary file upload vulnerability.
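The input validation control (SI-10) in working form, as an added example that is not part of this record or of the Phpgurukul code base: a Python validator (the affected application itself is PHP) that types an upload by its magic bytes, allows only image extensions, requires the declared extension to match the detected content, and assigns the stored filename itself rather than trusting the client's. The 2 MiB size cap is an assumed policy value.

```python
import os
import secrets
from typing import Optional

# Magic-byte signatures for the image types a profile-picture endpoint should accept.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
MAX_BYTES = 2 * 1024 * 1024  # assumed policy value: 2 MiB cap on profile pictures


class UploadRejected(ValueError):
    """Raised when an upload fails a validation check."""


def detect_image_type(data: bytes) -> Optional[str]:
    """Identify the image type from its leading bytes, ignoring the client-supplied name."""
    for kind, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def validate_profile_picture(client_filename: str, data: bytes) -> str:
    """Accept only genuine image content and return a server-chosen filename.
    The stored extension comes from the detected type, so 'avatar.php' or
    'avatar.php.png' can never yield an executable file; store the result in a
    directory the web server does not execute scripts from.
    """
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    base = os.path.basename(client_filename)  # drop any client-supplied path
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    kind = detect_image_type(data)
    if kind is None:
        raise UploadRejected("content is not a recognised image")
    if ("jpg" if ext == "jpeg" else ext) != kind:
        raise UploadRejected(f"extension {ext!r} does not match content {kind!r}")
    return f"{secrets.token_hex(16)}.{kind}"


def rejection_reason(client_filename: str, data: bytes) -> Optional[str]:
    """Return why an upload would be rejected, or None if it would be accepted."""
    try:
        validate_profile_picture(client_filename, data)
    except UploadRejected as exc:
        return str(exc)
    return None
```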
