CVE-2025-45953

CRITICAL

PHPGurukul Hostel Mgt Sys 2.1 - Session Hijacking

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-45953. PoCs published by VasilVK.

AI-analyzed exploit summary The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-45953, describing session fixation and broken access control vulnerabilities in PHPGurukul systems. Each writeup includes steps to reproduce, impact analysis, and references, but lacks functional exploit code.

Description

A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely

Exploits (1)

github WRITEUP
by VasilVK · poc
https://github.com/VasilVK/CVE/tree/main/CVE-2025-45953

The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-45953, describing session fixation and broken access control vulnerabilities in PHPGurukul systems. Each writeup includes steps to reproduce, impact analysis, and references, but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: PHPGurukul Hostel Management System v2.1
No auth needed
Prerequisites: access to the target system · ability to manipulate session IDs
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.1
EPSS 0.0038
EPSS Percentile 29.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-384
Status published
Products (1)
phpgurukul/hostel_management_system 2.1
Published Apr 28, 2025
Tracked Since Feb 18, 2026