CVE-2025-25351

Summary

CVE-2025-25351 is a newly identified vulnerability affecting the PHPGurukul Daily Expense Tracker System version 1.1. The issue resides in the /dets/add-expense.php file and is triggered through an SQL Injection technique on the dateexpense parameter. An attacker can exploit this vulnerability to execute malicious SQL commands, gain unauthorized access to sensitive data, or even modify system configurations, posing a significant risk to the security and integrity of the affected system. It is recommended that users immediately update their PHPGurukul Daily Expense Tracker System to a secure version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.