PHPGurukul News Portal Information Disclosure Vulnerability in Debugging Code
CVE-2025-12616

6.3MEDIUM

Key Information:

Vendor: PHPgurukul
Status: News Portal
Vendor: CVE Published:; 3 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-12616?

A vulnerability in PHPGurukul News Portal version 1.0 allows for sensitive information to be inserted into debugging code due to manipulation of an unknown function within the /onps/settings.py file. This issue can be exploited remotely, making it a concern for users. The complexity of executing this attack is high, and while the exploit is publicly available, successfully initiating the attack requires considerable effort.

Affected Version(s)

News Portal 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-12616 - Proof of Concept

References

https://vuldb.com/?id.330910

vdb-entry

https://vuldb.com/?ctiid.330910

signaturepermissions-required

https://vuldb.com/?submit.678649

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 3, 2025
👾
Exploit known to exist
Nov 3, 2025
Vulnerability published
Nov 3, 2025
Vulnerability Reserved
Nov 2, 2025

Credit

Nishant_Kumar (VulDB User)

JSON

PHPgurukul

Badges

What is CVE-2025-12616?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit