CVE-2025-15390 · HIGH 8.8 · EPSS p26.3%

Description

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% probability of exploitation · percentile 26.3% · 2026-06-18T12:00:27Z
Published: 2025-12-31
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-862, CWE-863

References

  1. https://github.com/rsecroot/Small-Customer-Relationship-Management-CRM-in-PHP/blob/main/Broken%20Access%20Control.md
  2. https://phpgurukul.com/
  3. https://vuldb.com/?ctiid.339151
  4. https://vuldb.com/?id.339151
  5. https://vuldb.com/?submit.727430

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authorization (cwe-862) | 0% | live |
| Weakness | Incorrect Authorization (cwe-863) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-15406
  2. CVE-2025-10114
  3. CVE-2025-11053
  4. CVE-2025-10079
  5. CVE-2025-10098
  6. CVE-2025-4934

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.