← back
CVE-2025-70063

CVE-2025-70063

CVSS 6.5 MEDIUMEPSS 0.3%CWE-639
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the confidential medical records of other patients by iterating the 'viewid' integer.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/Sanka1pp/f43c7eca5048152899e14412523afe80https://packetstorm.news/files/id/213711