CVE-2025-45953

CWE-384 CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.3%

top 47.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Hostel Management System

Timeline

PublishedApr 28

Description

A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

▶NVDphpgurukul/hostel_management_system2.1

🔴Vulnerability Details

GHSA

GHSA-53p2-vrj6-pr6p: A vulnerability was found in PHPGurukul Hostel Management System 2↗2025-04-28

▶

CVEList

CVE-2025-45953: A vulnerability was found in PHPGurukul Hostel Management System 2↗2025-04-28

▶

📋Vendor Advisories

Microsoft

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent ↗2021-12-14

▶