CVE-2025-70064
Privilege Escalation in PHPGurukul HMS Allows Admin Access
Publication date: 2026-02-18
Last updated on: 2026-02-23
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | hospital_management_system | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
How can this vulnerability impact me?:
This vulnerability can have serious impacts as it allows unauthorized users to take over the application by gaining administrative access. An attacker can view confidential logs, modify system data, and manage critical modules such as User Logs and Doctor Management.
Such unauthorized access can lead to data breaches, manipulation of sensitive patient and hospital data, disruption of hospital operations, and loss of trust in the system's security. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2025-70064 is a privilege escalation vulnerability in PHPGurukul Hospital Management System v4.0. A low-privileged user, such as a patient who self-registers, can bypass access controls by manually navigating to the /admin/ directory after logging in. This allows the user to access the Administrator Dashboard and all its sub-modules without proper authorization.
Essentially, the system does not properly restrict access to administrative functions, enabling any self-registered user to elevate their privileges from a patient to an administrator simply by manipulating the URL.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the /admin/ directory after logging in as a low-privileged user (Patient). If the user can access the Administrator Dashboard and its sub-modules by manually browsing to /admin/, the system is vulnerable.
A practical detection method involves registering a new user through the self-registration process, logging in as that user, and then trying to access the /admin/ URL directly.
While no specific commands are provided, a simple approach using curl or a web browser to test URL access can be used, for example:
- curl -i -c cookies.txt -d "username=newuser&password=pass" http://targetsite/register
- curl -i -b cookies.txt http://targetsite/admin/
If the /admin/ page is accessible with the low-privileged user session cookies, the vulnerability exists. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /admin/ directory to only authorized administrator accounts and implementing proper authorization checks on the server side.
Ensure that low-privileged users cannot access administrative URLs by enforcing role-based access control (RBAC) and validating user permissions on every request.
Additionally, review and patch the application to fix the privilege escalation flaw, and consider disabling or securing the self-registration feature until the issue is resolved.
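The server-side check described above, as an added example rather than code from PHPGurukul or the HMS project: a guard that every script under /admin/ includes before doing any work. It refuses a session that is not authenticated as an administrator, assigns the role from the user's database record at login rather than from anything in the request, and logs each refused attempt so the detection approach above can be turned into a log-based alert. The session keys ($_SESSION['user_id'], $_SESSION['role']), the role names, the assumed columns of $userRow and the log line format are illustrative assumptions, not the application's real identifiers.

```php
<?php
// Added example, not PHPGurukul HMS code. Session keys, role names, the
// $userRow columns and the log format are assumptions for illustration.
declare(strict_types=1);

const ROLE_ADMIN   = 'admin';
const ROLE_DOCTOR  = 'doctor';
const ROLE_PATIENT = 'patient';

/**
 * At login, after the password has been verified: derive the role from the
 * user's database record (never from request input) and rotate the session
 * id so a pre-login session cannot be carried into the privileged one.
 */
function establish_session(array $userRow): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $userRow['id'];
    $_SESSION['role']    = (string) $userRow['role'];
}

/**
 * Pure decision: does this session carry the required role?
 * Returns true only when the session is authenticated AND holds that role,
 * so a self-registered patient who browses to /admin/ is refused.
 */
function session_has_role(array $session, string $requiredRole): bool
{
    if (empty($session['user_id']) || empty($session['role'])) {
        return false;                        // not logged in at all
    }
    return hash_equals($requiredRole, (string) $session['role']);
}

/**
 * Enforce the check on every request: call this at the top of each script
 * under /admin/ (require_once 'admin_guard.php'; require_role(ROLE_ADMIN);).
 * A denied attempt is logged with user, URI and client address so that
 * repeated "authz-denied" lines can feed detection.
 */
function require_role(string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (session_has_role($_SESSION, $requiredRole)) {
        return;                              // authorized, continue the page
    }
    error_log(sprintf(
        'authz-denied required=%s user=%s uri=%s ip=%s',
        $requiredRole,
        $_SESSION['user_id'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-',
        $_SERVER['REMOTE_ADDR'] ?? '-'
    ));
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Forbidden\n";
    exit;
}

// Usage at the top of /admin/index.php and every other admin script:
//   require_once __DIR__ . '/admin_guard.php';
//   require_role(ROLE_ADMIN);
```

Two design points worth noting. The decision is separated from the enforcement (session_has_role versus require_role) so the rule can be unit-tested with a plain array, and the guard is meant to be included by each admin script rather than relying on a single front-controller check or on hiding the /admin/ link in the patient menu: a URL typed directly into the browser, which is exactly the manipulation this CVE describes, must hit the same check as a clicked link.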