CVE-2025-0880

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jan 30, 2025

CWE ID 89

CWE ID 74

Summary

CVE-2025-0880 is a critical vulnerability identified in the Codezips Gym Management System 1.0. This issue is related to the processing of the file /dashboard/admin/updateplan.php, where manipulation of the planid argument can lead to SQL injection. This vulnerability allows remote attackers to exploit the system, making it a significant security risk. The exploit for this vulnerability has been publicly disclosed, increasing the urgency for affected organizations to apply the necessary patches or workarounds to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gym Management System

Affected Vendors

Codezips

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/27Uf25
https://www.cve.org/CVERecord?id=CVE-2025-0880
https://nvd.nist.gov/vuln/detail/CVE-2025-0880

Back to Vulnerability Database