CVE-2025-1588

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Feb 23, 2025

Updated: Feb 28, 2025

CWE ID 24

CWE ID 23

CWE ID 22

Summary

CVE-2025-1588 is a critical vulnerability identified in the PHPGurukul Online Nurse Hiring System 1.0. The issue resides in the /admin/manage-nurse.php file and stems from a path traversal flaw. When the argument "profilepic" is manipulated, an attacker can traverse directories up to the "../filedir" location. This vulnerability is remotely exploitable, and the exploit has been made public. Contradictory vulnerability classes have been reported in initial researcher advisories.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3m90ml
https://www.cve.org/CVERecord?id=CVE-2025-1588
https://nvd.nist.gov/vuln/detail/CVE-2025-1588

Back to Vulnerability Database

CVE-2025-1588

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations