CVE-2025-63529

HIGH EPSS 23.3%
Published Dec 1, 20257mo ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
High
Find Similar
Published Dec 1, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago

Description

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to the victim's account.

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
23.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-384

Affected Products 1

VendorProductVersionRange
shridharshuklblood_bank_management_system1.0any

References 3

  • drive.google.com https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
    ExploitThird Party Advisory
  • github.com https://github.com/Shridharshukl/Blood-Bank-Management-System
    Product
  • github.com https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63529.md
    Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.