CVE-2025-63535
Published: 01 December 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-63535 is a SQL injection vulnerability (CWE-89) in Blood Bank Management System 1.0, affecting the abs.php component. The application fails to properly sanitize user-supplied input within SQL queries, permitting attackers to inject arbitrary SQL code by manipulating the search field. Published on 2025-12-01, it carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).
An attacker requires low privileges (PR:L) to exploit this remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation changes the scope (S:C) and enables bypassing authentication to gain unauthorized system access, resulting in high confidentiality (C:H) and integrity (I:H) impacts but no availability disruption (A:N).
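To make the weakness concrete, the following PHP is an added illustration, not the project's own abs.php (whose code the advisory does not reproduce): it places the string-concatenation pattern behind CWE-89 beside a prepared-statement rewrite of the same search. The `donors` table, its columns and the assumption that the field searches a blood group are all hypothetical.

```php
<?php
// Illustrative only: NOT the project's abs.php. Shows the concatenation
// pattern behind CWE-89 and the prepared-statement fix for a search field.
$search = $_GET['search'] ?? '';   // value typed into the search field

// Hypothetical DSN/credentials; ERRMODE_EXCEPTION surfaces query errors,
// EMULATE_PREPARES=false makes the server, not the driver, do the binding.
$pdo = new PDO('mysql:host=localhost;dbname=bloodbank', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Vulnerable pattern (for comparison only): the user's text is spliced into
// the SQL, so quotes or operators in $search change the query's structure.
function searchDonorsVulnerable(PDO $pdo, string $search): array {
    $sql = "SELECT name, blood_group FROM donors WHERE blood_group = '$search'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed at prepare time; $search travels as
// a bound parameter and is never parsed as part of the statement.
function searchDonorsSafe(PDO $pdo, string $search): array {
    $stmt = $pdo->prepare(
        'SELECT name, blood_group FROM donors WHERE blood_group = :bg'
    );
    $stmt->execute([':bg' => $search]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth (assumed field semantics): a blood-group search has a
// tiny valid set, so reject anything else before it reaches the database.
function isValidBloodGroup(string $s): bool {
    return in_array($s, ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'], true);
}

if (!isValidBloodGroup($search)) {
    http_response_code(400);
    exit('invalid search value');
}
header('Content-Type: application/json');
echo json_encode(searchDonorsSafe($pdo, $search));
```

The allow-list is a second layer, not a substitute: the prepared statement alone closes the injection, while the allow-list also gives a cheap point to log and alert on malformed search values.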
Advisories and additional details, including potential mitigations or patches, are documented in the provided references: a Google Drive file at https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing, the project repository at https://github.com/Shridharshukl/Blood-Bank-Management-System, and a CVE summary at https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63535.md.
Why these techniques?
SQL injection vulnerability in a public-facing web application (Blood Bank Management System) enables authentication bypass and unauthorized access via exploitation of remote services.