PHPGurukul News Portal 1.0 Hard-Coded SECRET_KEY via settings.py
CVE-2025-12615 Published on November 3, 2025
PHPGurukul News Portal settings.py hard-coded key
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key
. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 9 days later.
Weakness Types
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Key Management Errors
Weaknesses in this category are related to errors in the management of cryptographic keys.
Products Associated with CVE-2025-12615
Want to know whenever a new CVE is published for PHPGurukul News Portal? stack.watch will email you.
Affected Versions
PHPGurukul News Portal Version 1.0 is affected by CVE-2025-12615Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.