Cross-Site Request Forgery Vulnerability in PHPGurukul Student Record System
CVE-2025-63955

7.5HIGH

Key Information:

Vendor: PHPGurukul
Status: Student Record System
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-63955?

A Cross-Site Request Forgery vulnerability exists within the manage-students.php component of the PHPGurukul Student Record System v3.2. This flaw permits an attacker to deceive an authenticated administrator into executing a forged request, potentially resulting in unauthorized deletions of user accounts. Consequently, this can lead to a Denial of Service, severely impacting the functionality of the system and the accessibility of user data.

References

https://phpgurukul.com/student-record-system-php/

https://github.com/Wayne-arul/CVE-Disclosures/tree/main/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Oct 27, 2025

JSON