PHPGurukul Complaint Management System CVE-2025-7834
Severity (by source): LOW
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD):
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Cross-site request forgery in PHPGurukul Complaint Management System 2.0 allows remote attackers to perform unauthorized actions via crafted requests requiring user interaction. The vulnerability has a low CVSS score of 2.1 due to required user interaction (UI:P) and limited integrity impact, but publicly available exploit code exists, making it actionable for targeted attacks against installations.
Technical Context (AI)
The vulnerability is a CSRF flaw (CWE-352) in an unknown function within the PHPGurukul Complaint Management System, a PHP-based web application for managing complaints. CSRF attacks exploit the trust a web browser places in authenticated user sessions by inducing victims to perform unintended actions. The attack requires network access (AV:N) and low complexity (AC:L), relying on the victim visiting a malicious site or clicking a crafted link while authenticated to the vulnerable application. No special network or application conditions are required to deliver the payload, though the victim's user interaction is mandatory.
Remediation (AI)
No vendor-released patch had been identified at the time of analysis. Immediate remediation options include:
(1) Upgrade to a patched version if the vendor releases one; monitor phpgurukul.com for updates.
(2) As a compensating control, if you control the source code, implement anti-CSRF tokens (synchronizer tokens or double-submit cookies) on all state-changing operations, and validate the token server-side on every POST before the action is performed.
(3) Set the SameSite=Strict attribute on session cookies so the browser does not attach them to requests initiated from another site; note that Strict also drops the session on legitimate top-level navigations from external links, so test user workflows before enforcing it.
(4) Restrict access to the complaint management system to trusted networks, or require additional authentication factors for sensitive actions such as complaint modification or deletion.
If a patched version becomes available, test and deploy it promptly. For organizations unable to patch, the cookie and network restrictions reduce the attack surface at the cost of reduced convenience for legitimate users.
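The token and cookie controls in items (2) and (3), as an added PHP example for a state-changing form handler. This is not PHPGurukul code and does not reflect the application's actual structure; the field name csrf_token, the session key, and the complaint-status update handler are assumptions chosen for illustration.

```php
<?php
// Added example (not PHPGurukul code): synchronizer-token CSRF protection
// plus hardened session cookie attributes for a PHP form handler.
declare(strict_types=1);

// Item (3): SameSite=Strict, HttpOnly and Secure on the session cookie.
// The array form of session_set_cookie_params() requires PHP 7.3+.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

/** Return the per-session CSRF token, generating it on first use (assumed session key). */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to embed in every form that changes state (assumed field name). */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Item (2): verify the submitted token against the session copy.
 * hash_equals() is a constant-time comparison; a missing session token,
 * a missing form token, or a mismatch all fail closed.
 */
function csrf_verify(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/**
 * Defence in depth: reject cross-site POSTs using the Fetch Metadata header
 * where the browser sends it. Absent header (older browsers) is allowed through
 * so the token check above remains the primary control.
 */
function fetch_site_is_same_origin(): bool
{
    $site = $_SERVER['HTTP_SEC_FETCH_SITE'] ?? null;
    return $site === null || $site === 'same-origin' || $site === 'none';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!fetch_site_is_same_origin() || !csrf_verify($_POST['csrf_token'] ?? null)) {
        // Log for detection: a burst of these from one session is worth investigating.
        error_log(sprintf('CSRF check failed: uri=%s ip=%s',
            $_SERVER['REQUEST_URI'] ?? '-', $_SERVER['REMOTE_ADDR'] ?? '-'));
        http_response_code(403);
        exit('Invalid request.');
    }
    // Only now perform the state change, e.g. updating a complaint's status
    // (assumed handler; the real application's function is not known from the advisory).
    // update_complaint_status((int) $_POST['complaint_id'], $_POST['status']);
}
?>
<!-- Rendering side: every state-changing form carries the token. -->
<form method="post" action="">
    <?= csrf_field() ?>
    <input type="hidden" name="complaint_id" value="<?= (int) ($_GET['id'] ?? 0) ?>">
    <select name="status"><option>Open</option><option>Closed</option></select>
    <button type="submit">Update status</button>
</form>
```

The token is bound to the session rather than to the form, so a forged cross-site request cannot supply it even when the victim's session cookie is attached; the SameSite=Strict attribute stops the cookie being attached in the first place, and the Sec-Fetch-Site check gives a third, independent signal. Logging each rejection at WARNING level feeds detection of attempted abuse without exposing the token value.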