CVE-2025-63531
Published: 01 December 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-63531 is a SQL injection vulnerability (CWE-89) affecting Blood Bank Management System version 1.0, specifically within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries involving the remail and rpassword fields, allowing attackers to inject arbitrary SQL code. Published on 2025-12-01, it carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N), marking it as critical.
Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity. By manipulating the remail and rpassword fields during login attempts, they can bypass authentication mechanisms and gain unauthorized access to the system, potentially leading to high impacts on confidentiality and integrity across the affected scope.
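A hardened login handler in the style of receiverLogin.php, as an added example that is not the project's code: a prepared statement fixes the query structure and the password is verified against a stored hash in PHP rather than compared inside SQL. The table and column names (receivers, rid, remail, rpassword_hash) and the PDO/SQLite setup are assumptions.

```php
<?php
// Added example, not the project's code: a hardened receiverLogin.php handler.
// Table and column names (receivers, rid, remail, rpassword_hash) are assumptions.
declare(strict_types=1);

function receiverLogin(PDO $db, string $remail, string $rpassword): ?int
{
    // The pattern the advisory describes splices the form fields straight into
    // SQL, e.g. "... WHERE remail='$remail' AND rpassword='$rpassword'", so a
    // quote in either field changes the structure of the query.
    //
    // Hardened form: the query structure is fixed at prepare time, the e-mail is
    // bound as data, and the password never reaches the SQL text at all.
    $stmt = $db->prepare('SELECT rid, rpassword_hash FROM receivers WHERE remail = :remail');
    $stmt->bindValue(':remail', $remail, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same failure result whether the e-mail is unknown or the password is wrong.
    if ($row === false || !password_verify($rpassword, $row['rpassword_hash'])) {
        return null;
    }
    return (int) $row['rid'];
}

// Self-contained check against an in-memory SQLite database (constructed data).
function runChecks(): void
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE receivers (rid INTEGER PRIMARY KEY, remail TEXT UNIQUE NOT NULL, rpassword_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO receivers (remail, rpassword_hash) VALUES (:e, :h)');
    $ins->execute([':e' => 'receiver@example.org', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

    $cases = [ // [remail, rpassword, expected rid or null]
        ['receiver@example.org', 'correct horse', 1],
        ['receiver@example.org', 'wrong password', null],
        // A quote inside the field is matched literally, not interpreted as SQL.
        ["o'neil@example.org", 'correct horse', null],
    ];
    foreach ($cases as [$remail, $rpassword, $expected]) {
        if (receiverLogin($db, $remail, $rpassword) !== $expected) {
            throw new RuntimeException("unexpected result for remail={$remail}");
        }
    }
    echo "all login checks passed\n";
}

runChecks();
```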
Advisories and related resources, including potential exploit details and the source code repository, are available at the following references: https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing, https://github.com/Shridharshukl/Blood-Bank-Management-System, and https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63531.md. No specific patches or mitigation steps are detailed in the primary description.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in the public-facing web login (receiverLogin.php) lets an unauthenticated remote attacker exploit the application to bypass authentication and access data.