CVE-2025-2687
Published: 24 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-2687 is a critical vulnerability in PHPGurukul eLearning System 1.0, affecting an unknown function in the file /user/index.php of the Image Handler component. The issue enables unrestricted file upload through manipulation of this endpoint.
The vulnerability can be exploited remotely by attackers with low privileges (PR:L), requiring low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) with unchanged scope (S:U), as reflected in its CVSS v3.1 base score of 6.3 (AV:N). The exploit has been publicly disclosed and may be used, with associated weaknesses in CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type).
Advisories and details are available via references including a GitHub issue at https://github.com/ARPANET-cyber/CVE/issues/14, the vendor site at https://phpgurukul.com/, and VulDB entries at https://vuldb.com/?ctiid.300708, https://vuldb.com/?id.300708, and https://vuldb.com/?submit.521454. The vulnerability was published on 2025-03-24.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload vulnerability in public-facing PHP web application enables remote exploitation for initial access (T1190), ingress tool/malware transfer (T1105), and web shell deployment/execution (T1505.003).