Session Hijacking Vulnerability in PHPGurukul Bank Locker Management System
CVE-2025-50491

7.1 HIGH

Key Information:

Vendor: PHPGurukul
CVE Published: 28 July 2025

What is CVE-2025-50491?

A high-severity flaw exists in PHPGurukul Bank Locker Management System v1, specifically in the /banker/change-password.php component. The component does not invalidate sessions properly, which opens the door to session hijacking. An attacker who exploits this weakness may gain unauthorized access to user accounts and compromise the sensitive data they hold. Users and administrators should apply preventive measures and updates to mitigate this risk.
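One way to invalidate sessions when a password changes, shown as an added example that is not PHPGurukul's code. The `users` table, its `session_epoch` column, and the function names are hypothetical, and the in-memory SQLite database is constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example; the schema and function names are hypothetical, not PHPGurukul code.

// Constructed in-memory table standing in for the application's user store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, pw_hash TEXT, session_epoch INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (id, pw_hash) VALUES (1, ?)')
   ->execute([password_hash('constructed-old-pw', PASSWORD_DEFAULT)]);

function currentEpoch(PDO $db, int $userId): int
{
    $stmt = $db->prepare('SELECT session_epoch FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    return (int) $stmt->fetchColumn();
}

function changePassword(PDO $db, int $userId, string $current, string $new): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($current, $hash)) {
        return false; // require the current password before changing it
    }
    // New hash and epoch bump in one statement: every session issued under
    // the old password now fails the check in sessionIsValid().
    $db->prepare('UPDATE users SET pw_hash = ?, session_epoch = session_epoch + 1 WHERE id = ?')
       ->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    // Rotate the caller's session ID and delete the old session record.
    session_regenerate_id(true);
    $_SESSION['epoch'] = currentEpoch($db, $userId);
    return true;
}

// Call at the top of every authenticated page, after session_start().
function sessionIsValid(PDO $db): bool
{
    if (!isset($_SESSION['uid'], $_SESSION['epoch'])) {
        return false;
    }
    if ($_SESSION['epoch'] !== currentEpoch($db, (int) $_SESSION['uid'])) {
        $_SESSION = [];
        session_destroy(); // session predates the last password change
        return false;
    }
    return true;
}
```

At login, the application would store the user id in `$_SESSION['uid']` and copy `currentEpoch()` into `$_SESSION['epoch']`, so that any session created before a later password change is rejected on its next request.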

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved