CVE-2025-63298
Published: 30 October 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-63298 is a path traversal vulnerability in the SourceCodester Pet Grooming Management System 1.0, specifically affecting the admin/manage_website.php component. It has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) and is associated with CWE-24. The flaw was published on 2025-10-30.
An authenticated user with administrative privileges can exploit this vulnerability by submitting a specially crafted POST request. Successful exploitation enables the deletion of arbitrary files on the web server or underlying operating system, potentially leading to significant availability impacts.
Mitigation details and further technical information, including proof-of-concept exploitation, are available in the referenced GitHub repository at https://github.com/z3rObyte/CVE-2025-63298. The affected software can be downloaded from https://www.sourcecodester.com/sites/default/files/download/mayuri_k/petgrooming_erp.zip for testing and verification. No vendor patches are detailed in the provided information.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal enables arbitrary file deletion on the web server/OS, facilitating indicator removal via file deletion (T1070.004, T1107), data destruction (T1485), and endpoint DoS through application exploitation by deleting critical files like index.php (T1499.004).