What is the CVSS score of CVE-2025-70063?

CVE-2025-70063 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Hospital Management System are affected by CVE-2025-70063?

Organizations using PHPGurukul Hospital Management System should be aware of notable risk from CVE-2025-70063, a IDOR vulnerability rated CVSS 6.5.

Is there a public PoC exploit available for CVE-2025-70063?

Yes, a public proof-of-concept exploit is available for CVE-2025-70063. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-70063?

Within 30 days: Identify affected systems running PHPGurukul Hospital Management System and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Hospital Management System CVE-2025-70063

MEDIUM

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-02-18 cve@mitre.org

Authentication Bypass Hospital Management System

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 26, 2026 - 22:33 vuln.today

Public exploit code

CVE Published

Feb 18, 2026 - 19:21 nvd

MEDIUM 6.5

DescriptionCVE.org

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.

AnalysisAI

Hospital Management System versions up to 4.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Technical ContextAI

This vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) affects Hospital Management System. The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-70063 vulnerability details – vuln.today

Back

Hospital Management System CVE-2025-70063

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code