Which versions of PHPGurukul News Portal are affected by CVE-2025-12615?

CVE-2025-12615 is a low-severity vulnerability in A security vulnerability (CVSS 2.3).

Is there a public PoC exploit available for CVE-2025-12615?

Yes, a public proof-of-concept exploit is available for CVE-2025-12615. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-12615?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

PHPGurukul News Portal CVE-2025-12615

Q: What is the CVSS score of CVE-2025-12615?

CVE-2025-12615 has a CVSS 4.0 base score of 1.3 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

LOW

Key Management Errors (CWE-320)

2025-11-03 cna@vuldb.com

Information Disclosure

1.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.3 LOW

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

2.3 (LOW) 1.3 (LOW)

Analysis Generated

Mar 28, 2026 - 19:20 vuln.today

PoC Detected

Nov 10, 2025 - 16:18 vuln.today

Public exploit code

CVE Published

Nov 03, 2025 - 04:15 nvd

LOW 2.3

DescriptionCVE.org

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.

AnalysisAI

A security vulnerability has been detected in PHPGurukul News Portal 1.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-320. A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. Affected products include: Phpgurukul News Portal.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-12615 vulnerability details – vuln.today

Back