Cyber Posture

CVE-2025-57119

Critical | Public PoC

Published: 16 September 2025
Modified: 18 September 2025
KEV Added: (not listed)
Patch: (none listed)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.3rd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-57119 is a critical-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Phpgurukul Online Library Management System. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 30.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

Prevent: AC-6 directly counters CWE-250 by enforcing least privilege, preventing the adminlogin.php Login function from executing with unnecessary privileges that enable escalation.

Prevent: AC-3 enforces approved access authorizations, blocking unauthorized privilege escalation through the flawed adminlogin.php Login function.

Prevent: IA-2 requires robust identification and authentication for organizational users, mitigating unauthenticated (PR:N) exploitation of the admin login vulnerability.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CVE describes a privilege escalation vulnerability in the admin login function of a web application, directly enabling T1068: Exploitation for Privilege Escalation.

NVD Description

An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function.

Deeper analysis [AI-generated]

CVE-2025-57119, published on 2025-09-16, is a privilege escalation vulnerability in Online Library Management System version 3.0. The flaw resides in the adminlogin.php component and the Login function, mapped to CWE-250 (Execution with Unnecessary Privileges). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

The vulnerability enables remote exploitation by unauthenticated attackers (PR:N) with low attack complexity (AC:L) and no user interaction (UI:N) required. Successful exploitation allows privilege escalation, granting high-level access that compromises confidentiality, integrity, and availability (C:H/I:H/A:H) of the affected system.

Advisories and further details are available in referenced sources, including http://online.com, https://github.com/Jazeye/CVE/blob/main/CVE-2025-57119/README.md, https://github.com/danielmiessler/SecLists/blob/master/Usernames/cirt-default-usernames.txt, and https://phpgurukul.com. Security practitioners should consult these for any patch availability or mitigation guidance.

Details

CWE(s): CWE-250 Execution with Unnecessary Privileges

Affected Products: phpgurukul, online library management system, version 3.0

CVEs Like This One

CVE-2025-58383: shared CWE-250
CVE-2025-13506: shared CWE-250
CVE-2024-48013: shared CWE-250
CVE-2026-1680: shared CWE-250
CVE-2025-22890: shared CWE-250
CVE-2026-1550: same vendor (Phpgurukul)
CVE-2025-40942: shared CWE-250
CVE-2025-36184: shared CWE-250
CVE-2026-0870: shared CWE-250
CVE-2025-70064: same vendor (Phpgurukul)

References