CVE-2025-12615 · HIGH 8.1 · EPSS p24.4%

Description

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Manipulation of the argument SECRET_KEY leads to use of a hard-coded cryptographic key. The attack may be performed remotely. The attack requires a high level of complexity, and the exploitability is described as difficult. The exploit has been disclosed publicly and may be used.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% probability of exploitation · percentile 24.4% · 2026-06-18T12:00:27Z
Published: 2025-11-03
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-320, CWE-321

References

  1. https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md
  2. https://phpgurukul.com/
  3. https://vuldb.com/?ctiid.330909
  4. https://vuldb.com/?id.330909
  5. https://vuldb.com/?submit.678625

Type | Target | Confidence | Tier
 | cwe-320 | 0% | live
Weakness | Use of Hard-coded Cryptographic Key, cwe-321 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-1859
CVE-2025-15406
CVE-2025-5250
CVE-2025-4794
CVE-2025-5251
CVE-2025-4906
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.