CVE-2025-12615

Sažetak

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.

Reference

https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md
https://phpgurukul.com/
https://vuldb.com/?ctiid.330909
https://vuldb.com/?id.330909
https://vuldb.com/?submit.678625
https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-11-2025 - 16:18

Objavljeno

03-11-2025 - 04:15