CVE-2025-25387

Summary

CVE-2025-25387 is a SQL injection vulnerability discovered in the /admin/manage-propertytype.php file of the PHPGurukul Land Record System v1.0. This issue permits remote attackers to execute arbitrary code by exploiting the propertytype POST request parameter during SQL queries, posing a significant risk to data integrity and system security. Attackers can take advantage of this vulnerability to inject malicious SQL statements and manipulate the database, potentially leading to unauthorized access or data theft. This issue highlights the importance of input validation, proper sanitization, and regular software updates to maintain cybersecurity resilience. The PHPGurukul Land Record System developers must address this vulnerability by implementing input validation techniques, sanitizing user inputs, and patching the vulnerable code in their application as soon as possible. Users of the system should apply the patch as soon as it becomes available to mitigate the risk of potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.