CVE-2025-7482
Published: 12 July 2025
Summary
CVE-2025-7482 is a SQL injection vulnerability (CWE-89, also tagged with the parent class CWE-74, Injection) in PHPGurukul Vehicle Parking Management System 1.13. Its CVSS 3.1 base score is 6.3 (Medium), as derived from the vector in the deeper analysis.
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 47.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-7482 is a SQL injection vulnerability affecting PHPGurukul Vehicle Parking Management System version 1.13; the VulDB entry declares it critical, while the CVSS 3.1 vector scores it 6.3 (Medium). The flaw sits in otherwise unidentified code in the file /users/print.php, where the 'vid' argument reaches an SQL statement without being neutralized. It is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection') and its parent class CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection').
The vulnerability is exploitable over the network with low attack complexity and no user interaction, but requires low privileges (PR:L), i.e. an authenticated, low-privileged account of the application. Confidentiality, integrity and availability impacts are each scored Low, giving a CVSS 3.1 base score of 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Advisories and references are available at https://github.com/f1rstb100d/myCVE/issues/112, https://phpgurukul.com/, https://vuldb.com/?ctiid.316132, https://vuldb.com/?id.316132, and https://vuldb.com/?submit.610570. The exploit has been disclosed publicly and may be used, though no specific patch or mitigation details are provided in the CVE description.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21226
Vulnerability details
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. This vulnerability affects unknown code of the file /users/print.php. The manipulation of the argument vid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- CWE(s): CWE-74, CWE-89
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Direct remote SQL injection in a web application component (/users/print.php) enables exploitation of a public-facing app without user interaction.
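For a detection-side view of the T1190 mapping, the following is an added example (not code from the page's source advisories or from PHPGurukul) of an allow-list rule run over web-server access logs: because vid is a record identifier, any request to /users/print.php whose vid value is not a plain integer is flagged. The log lines, client IP addresses and timestamps are constructed for illustration and do not come from the page.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed Apache/nginx-style access-log lines (not real traffic);
# hosts, IPs and timestamps are invented for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2025:10:01:02 +0000] "GET /users/print.php?vid=42 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Jul/2025:10:01:09 +0000] "GET /users/print.php?vid=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211
203.0.113.9 - - [12/Jul/2025:10:01:15 +0000] "GET /users/print.php?vid=0+UNION+SELECT+1,2,3-- HTTP/1.1" 500 611
198.51.100.4 - - [12/Jul/2025:10:02:00 +0000] "GET /users/dashboard.php HTTP/1.1" 200 3300
203.0.113.9 - - [12/Jul/2025:10:02:30 +0000] "GET /users/print.php?vid=7 HTTP/1.1" 200 5100
"""

# Common log format: client, identd, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/users/print.php"
VID_OK = re.compile(r"^[0-9]+$")  # vid is a numeric key; nothing else is legitimate


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def query_params(query):
    """Split the raw query string and percent-decode each value exactly once.
    Decoding once is deliberate: an attacker's %27 must become ' so the
    allow-list sees it, while a double-encoded %2527 stays as %27 and still
    fails the integer check."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def detect(log_text):
    """Flag every request to the vulnerable endpoint whose vid is not an integer."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["target"])
        if parts.path != TARGET_PATH:
            continue
        for vid in query_params(parts.query).get("vid", []):
            if not VID_OK.match(vid):
                alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                               "status": rec["status"], "vid": vid})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} status={alert['status']} vid={alert['vid']!r}")
```

The rule is an allow-list on the parameter's expected shape rather than a blocklist of SQL keywords, so it is not evaded by case changes, comments or alternative encodings; the cost is that it only works for parameters with a tightly defined format, which vid has. A 500 response paired with a flagged vid, as in the constructed UNION line, is a useful secondary signal that the payload reached the database.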
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and neutralization of untrusted input such as the 'vid' parameter before it reaches SQL statements in /users/print.php.
- SI-2 (Flaw Remediation): mandates timely remediation of the known SQL-injection flaw in the Vehicle Parking Management System code.
- Limits the set of accounts that possess the low privileges needed to reach the vulnerable print.php endpoint.
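To make the flaw class and the SI-10 control concrete, the following is an added illustration, not PHPGurukul's code (the page does not reproduce print.php) and not the referenced proof-of-concept. It is written in Python with an in-memory SQLite database rather than PHP/MySQL so that it runs stand-alone; the table tblvehicle, its columns, the sample rows and the assumption that vid is interpolated unquoted into the WHERE clause are all constructed for the example. The vulnerable function shows how a tautology and a UNION payload in vid change the query's result; the hardened function validates vid against an integer allow-list and binds it as a query parameter.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the application's database (schema is assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tblvehicle (vid INTEGER PRIMARY KEY, owner TEXT, plate TEXT)"
    )
    conn.executemany(
        "INSERT INTO tblvehicle VALUES (?, ?, ?)",
        [(1, "alice", "KA01AB1234"), (2, "bob", "KA02CD5678"), (3, "carol", "KA03EF9012")],
    )
    return conn


def print_vehicle_vulnerable(conn, vid):
    """The flaw class (CWE-89): the request parameter is spliced into the SQL
    text, so whatever SQL the caller puts in vid becomes part of the statement."""
    sql = f"SELECT vid, owner, plate FROM tblvehicle WHERE vid = {vid}"
    return conn.execute(sql).fetchall()


VID_RE = re.compile(r"^[1-9][0-9]{0,9}$")


def validate_vid(raw):
    """SI-10 style allow-list: vid must be a positive decimal integer.
    Anything else is rejected before it can reach the database layer."""
    if not isinstance(raw, str) or not VID_RE.fullmatch(raw):
        raise ValueError(f"rejected vid: {raw!r}")
    return int(raw)


def print_vehicle_fixed(conn, raw_vid):
    """Hardened form: the validated integer is bound as a parameter, never
    concatenated, so the SQL text is fixed regardless of the input."""
    vid = validate_vid(raw_vid)
    sql = "SELECT vid, owner, plate FROM tblvehicle WHERE vid = ?"
    return conn.execute(sql, (vid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(print_vehicle_vulnerable(db, "2"))          # intended use: one row
    print(print_vehicle_vulnerable(db, "1 OR 1=1"))   # tautology: every row
    print(print_vehicle_vulnerable(db, "0 UNION SELECT 1, sqlite_version(), 'x'"))  # reads unrelated data
    print(print_vehicle_fixed(db, "2"))
    try:
        print_vehicle_fixed(db, "1 OR 1=1")
    except ValueError as err:
        print("blocked:", err)
```

Parameter binding alone removes the injection; the allow-list in front of it is the defence-in-depth step SI-10 calls for, and it also gives the application a clean rejection path (a 4xx response) instead of a database error that leaks query structure. The same shape applies to the real code: validate vid, then use a prepared statement in the PHP database API rather than string interpolation.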