Cyber Resilience

CVE-2025-63531

CriticalPublic PoC

Published: 01 December 2025

Published
01 December 2025
Modified
02 December 2025
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0012 30.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-63531 is a critical-severity SQL Injection (CWE-89) vulnerability in Shridharshukl Blood Bank Management System. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-63531 is a SQL injection vulnerability (CWE-89) affecting Blood Bank Management System version 1.0, specifically within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries involving the remail and rpassword fields, allowing attackers to inject arbitrary SQL code. Published on 2025-12-01, it carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N), marking it as critical.

Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity. By manipulating the remail and rpassword fields during login attempts, they can bypass authentication mechanisms and gain unauthorized access to the system, potentially leading to high impacts on confidentiality and integrity across the affected scope.

Advisories and related resources, including potential exploit details and the source code repository, are available at the following references: https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing, https://github.com/Shridharshukl/Blood-Bank-Management-System, and https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63531.md. No specific patches or mitigation steps are detailed in the primary description.

EU & UK References

Vulnerability details

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and…

more

rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in public-facing web login (receiverLogin.php) enables unauthenticated remote exploitation of a public-facing application to bypass authentication and access data.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-63532Same product: Shridharshukl Blood Bank Management System
CVE-2025-63535Same product: Shridharshukl Blood Bank Management System
CVE-2025-63529Same product: Shridharshukl Blood Bank Management System
CVE-2026-39334Shared CWE-89
CVE-2024-13488Shared CWE-89
CVE-2026-20002Shared CWE-89
CVE-2025-1446Shared CWE-89
CVE-2025-22699Shared CWE-89
CVE-2026-36232Shared CWE-89
CVE-2026-31871Shared CWE-89

Affected Assets

shridharshukl
blood bank management system
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents SQL injection by requiring validation and sanitization of user-supplied inputs like remail and rpassword in receiverLogin.php.

prevent

SI-2 requires identifying, prioritizing, and remediating the specific SQL injection flaw in the Blood Bank Management System.

preventdetect

RA-5 mandates vulnerability scanning that would detect the SQLi in receiverLogin.php and trigger remediation.

References