CVE-2025-63955

7.5 HIGH

📋 TL;DR

A CSRF vulnerability in PHPGurukul Student Record System v3.2 allows attackers to trick authenticated administrators into submitting unauthorized account deletion requests. This leads to denial of service by removing legitimate user accounts. Only deployments running the vulnerable version are affected, and the attack requires a logged-in administrator to act on attacker-controlled content.

💻 Affected Systems

Products:
  • PHPGurukul Student Record System
Versions: v3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication and session. The manage-students.php component is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system disruption through mass account deletion, requiring manual account restoration and causing extended service unavailability.

🟠 Likely Case: Targeted deletion of key administrator or student accounts, causing partial service disruption and administrative overhead.

🟢 If Mitigated: No impact if CSRF protections are implemented or administrators don't click malicious links.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated administrators into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://phpgurukul.com/student-record-system-php/

Restart Required: No

Instructions:

1. Check vendor website for updates
2. If patch available, download and replace manage-students.php
3. Verify CSRF tokens are implemented in all form submissions

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add CSRF tokens to manage-students.php form submissions.

Edit manage-students.php to include CSRF token generation and validation.
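As an added example (not PHPGurukul's own code), this is one way to add a session-bound CSRF token to the deletion form in manage-students.php, with an Origin/Referer check as defence in depth. The function names, the csrf_token, delete_student and delid field names, and the $studentId variable are assumptions.

```php
<?php
// Added example, not PHPGurukul code: session-bound CSRF token for the
// student-deletion form. csrf_token(), csrf_valid(), same_origin_request(),
// the delete_student/delid/csrf_token field names and $studentId are assumptions.
session_start();

// One random token per session, generated lazily and kept server-side.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
function csrf_valid($submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defence in depth: a legitimate form post carries this site's own Origin
// (or Referer); a cross-site request carries the attacker's page instead.
function same_origin_request(): bool
{
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $expected = $scheme . '://' . $_SERVER['HTTP_HOST'];
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    return $source === $expected || strpos($source, $expected . '/') === 0;
}

// Deletion only via POST, and only when the token and origin both check out.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_student'])) {
    if (!csrf_valid($_POST['csrf_token'] ?? null) || !same_origin_request()) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    $id = (int) ($_POST['delid'] ?? 0);
    // ... run the DELETE for $id here with a prepared statement ...
}
?>
<!-- The token travels in a hidden field; htmlspecialchars keeps the markup safe. -->
<form method="post" action="manage-students.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="delid" value="<?= (int) $studentId ?>">
  <button type="submit" name="delete_student" value="1">Delete</button>
</form>
```

With this in place, the check under "Verify Fix Applied" below is a POST to manage-students.php without the csrf_token field, which must return 403 and leave the account intact.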

Restrict Access (applies to: all)

Limit access to the admin panel to trusted IP addresses only.

Add IP whitelisting to .htaccess or the web server configuration.

🧯 If You Can't Patch

  • Implement web application firewall with CSRF protection rules
  • Require re-authentication for sensitive actions like account deletion

🔍 How to Verify

Check if Vulnerable:

Review manage-students.php for absence of CSRF token validation in POST requests

Check Version:

Check system version in admin panel or readme files

Verify Fix Applied:

Test that account deletion requests fail without valid CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple account deletion requests from same session
  • Unusual deletion patterns

Network Indicators:

  • External referer headers in admin requests
  • Suspicious redirects to admin pages

SIEM Query:

source="web_logs" AND (uri="/manage-students.php" AND method="POST" AND status="200") | stats count by src_ip, user_agent
