Session Hijacking Vulnerability in PHPGurukul Blood Bank & Donor Management System
CVE-2025-50487

Currently unrated

Key Information:

Vendor: PHPGurukul
Status: Blood Bank & Donor Management System
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-50487?

The PHPGurukul Blood Bank & Donor Management System v2.4 contains a vulnerability in the /bbdms/change-password.php component, which allows attackers to execute a session hijacking attack. This flaw results from improper invalidation of user sessions, potentially granting unauthorized access to sensitive user data and processes. It is crucial for users of this system to initiate necessary security measures to mitigate the risk.

References

http://blood.com

http://phpgurukul.com

https://github.com/VasilVK/CVE/tree/main/CVE-2025-50487

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025