CVE-2025-63529HIGH 8.8EPSS p23.1%

CVE-2025-63529CVE-2025-63529

Description

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to the victim's account.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.32% probability of exploitation · percentile 23.1% · 2026-06-19T12:03:05Z
Published2025-12-01
Last modified2025-12-02

Underlying weaknesses· 1

CWE-384

References

  1. https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
  2. https://github.com/Shridharshukl/Blood-Bank-Management-System
  3. https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63529.md

1

TypeTargetConfidenceTier
WeaknessSession Fixationcwe-3840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-63535
CVE
CVE-2025-63532
CVE
CVE-2025-63531
CVE
CVE-2025-63525
CVE
CVE-2025-2391
CVE
CVE-2025-3306
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.