CVE-2025-63497

HIGH

Rickxy Hospital Management System <1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-63497. PoCs published by cristibtz.

AI-analyzed exploit summary: This is a detailed technical writeup describing an SQL injection vulnerability in rickxy Hospital Management System version 1.0. It provides specific details about the affected component, parameter, and attack scenario, but does not include functional exploit code.

Description

The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries.
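The page does not reproduce the vulnerable query, so the following PHP fragment is an added illustration of the pattern the description names (a GET parameter concatenated into a query string), placed beside the prepared-statement form that removes the injection. It is not rickxy HMS code; the table name `prescriptions`, the mysqli connection, the placeholder credentials and the assumed digits-only format of a patient number are all assumptions.

```php
<?php
// Hypothetical illustration of the CWE-89 pattern described above; not code from
// rickxy Hospital Management System. Assumed: a mysqli connection and a table
// `prescriptions` with a `pat_number` column. Credentials are placeholders.
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');

// Vulnerable pattern: untrusted GET input is concatenated into the SQL text, so any
// quote or comment sequence in pat_number changes the structure of the query.
function fetch_prescriptions_vulnerable(mysqli $db, string $pat_number): array {
    $sql = "SELECT * FROM prescriptions WHERE pat_number = '" . $pat_number . "'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// Hardened pattern: the query shape is fixed at prepare time and the value is bound
// separately, so the database never interprets it as SQL. get_result() assumes mysqlnd.
function fetch_prescriptions_safe(mysqli $db, string $pat_number): array {
    $stmt = $db->prepare("SELECT * FROM prescriptions WHERE pat_number = ?");
    $stmt->bind_param("s", $pat_number);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Request handler: as defence in depth, reject values that do not match the expected
// patient-number shape (assumed here to be 1 to 12 digits) before any query runs.
$pat_number = $_GET['pat_number'] ?? '';
if (!preg_match('/^\d{1,12}$/', $pat_number)) {
    http_response_code(400);
    exit('invalid pat_number');
}
$rows = fetch_prescriptions_safe($db, $pat_number);
echo json_encode($rows);
```

The input check is not a substitute for the prepared statement: binding is what closes the injection, while the format check shrinks the attack surface and gives a clean 400 response that is easy to alert on in web-server logs.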

Exploits (1)

GitHub writeup, 1 star
by cristibtz · javapoc
https://github.com/cristibtz/Security-Research/tree/main/CVE-2025-63497


Classification
Writeup 100%
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target: rickxy Hospital Management System 1.0
Auth required
Prerequisites: doctor-level access to the HMS application
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 7.1
EPSS 0.0020
EPSS Percentile 9.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
rickxy/hospital_management_system 1.0
Published Nov 10, 2025
Tracked Since Feb 18, 2026