CVE-2025-10604: SQL Injection in PHPGurukul Online Discussion Forum
A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. This affects an unknown part of the file /admin/edit_member.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
AI Analysis
Technical Summary
CVE-2025-10604 is a SQL Injection vulnerability identified in version 1.0 of the PHPGurukul Online Discussion Forum software. The vulnerability exists in the /admin/edit_member.php file, specifically through improper sanitization or validation of the 'ID' parameter. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access or modification of the underlying database. The vulnerability requires no authentication or user interaction, making it exploitable by any remote attacker with network access to the affected application. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network attack vector, low complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. Although no public exploits are currently known in the wild, the exploit code is publicly available, increasing the risk of exploitation. The vulnerability affects only version 1.0 of the PHPGurukul Online Discussion Forum, a niche open-source forum software. The lack of official patches or vendor-provided fixes at the time of publication increases the urgency for organizations using this software to implement mitigations or consider alternative solutions.
Potential Impact
For European organizations using PHPGurukul Online Discussion Forum 1.0, this vulnerability poses a significant risk to the confidentiality and integrity of stored data, including user credentials, private messages, and forum content. Exploitation could lead to unauthorized data disclosure, data tampering, or complete database compromise, potentially damaging organizational reputation and violating data protection regulations such as GDPR. The ability to execute SQL injection remotely without authentication increases the attack surface and risk of automated exploitation attempts. Organizations relying on this forum software for internal or public communications may face service disruption or data breaches, impacting business continuity and trust. Given the public availability of exploit code, the threat landscape may escalate rapidly if attackers target vulnerable installations in Europe.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the /admin/edit_member.php endpoint via network-level controls such as IP whitelisting or VPN access to limit exposure to trusted administrators only.
2. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection payloads targeting the 'ID' parameter.
3. If possible, upgrade to a patched or newer version of the PHPGurukul forum software once available; if no patch exists, consider migrating to alternative forum platforms with active security maintenance.
4. Conduct thorough input validation and use parameterized queries in the application code to prevent SQL injection.
5. Monitor logs for suspicious activity related to the 'ID' parameter and unusual database queries.
6. Regularly back up forum data securely to enable recovery in case of compromise.
7. Educate administrators on the risks of exposing administrative interfaces to the internet without adequate protections.
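As an added illustration of recommendation 4 (this is not PHPGurukul's code), the following handler accepts ID only as a positive integer and binds it in a prepared statement; the table name `tblmembers`, its columns and the database credentials are assumed placeholders.

```php
<?php
// Added example, not PHPGurukul's code: a hardened handler for an admin
// member-edit page that takes an "ID" request parameter. Assumes MySQL via
// PDO; the table `tblmembers`, its columns and the credentials are placeholders.
declare(strict_types=1);

// The weak pattern the advisory describes (comment only, never use it):
//   $sql = "SELECT * FROM tblmembers WHERE id='" . $_GET['ID'] . "'";
// Here the request value becomes part of the SQL text itself.

// Accept ID only as a positive integer; anything else is rejected before
// it reaches the database, so it can never carry SQL syntax.
function parseMemberId(array $request): ?int
{
    if (!isset($request['ID'])) {
        return null;
    }
    $id = filter_var($request['ID'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fetch with a prepared statement: the value is bound as data, so even a
// validation slip elsewhere cannot change the query structure.
function fetchMember(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, email FROM tblmembers WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$id = parseMemberId($_GET);
if ($id === null) {
    http_response_code(400);
    exit('Invalid member ID');
}

$pdo = new PDO('mysql:host=localhost;dbname=forum', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // native server-side prepares
]);
$member = fetchMember($pdo, $id);
if ($member === null) {
    http_response_code(404);
    exit('Member not found');
}
```

The same two-layer approach (type validation at the edge, bound parameters at the query) applies to any other request parameter the file uses; the admin session check that should precede this code is omitted here.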
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-17T07:00:12.300Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cb125572cbf43db2b5418e
Added to database: 9/17/2025, 7:56:05 PM
Last enriched: 9/17/2025, 7:56:19 PM
Last updated: 9/17/2025, 9:05:36 PM