CVE-2025-15390Missing Authorization in Small CRM

CWE-862Missing AuthorizationCWE-863Incorrect Authorization3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 96.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Small CRM
Timeline
PublishedDec 31

Description

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5phpgurukul/small_crm4.0

🔴Vulnerability Details

2
GHSA
GHSA-vq3f-wjq8-v437: A security flaw has been discovered in PHPGurukul Small CRM 42025-12-31
CVEList
PHPGurukul Small CRM edit-user.php authorization2025-12-31
CVE-2025-15390 — Missing Authorization in Small CRM | cvebase