CVE-2025-50350: n/a
PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-50350 affects the PHPGurukul Pre-School Enrollment System Project version 1.0. It is a Directory Traversal vulnerability located in the manage-classes.php component of the application. Directory Traversal vulnerabilities occur when an application fails to properly sanitize user-supplied input used to access files or directories, allowing an attacker to manipulate file paths and access files outside the intended directory scope. In this case, the vulnerability likely allows an attacker to traverse directories on the server hosting the Pre-School Enrollment System, potentially accessing sensitive files such as configuration files, source code, or other data that should be protected. The vulnerability is present in a web application written in PHP, which is commonly used for web-based systems. Although the affected version is specified as 1.0 without further detail, the lack of patch information and absence of known exploits in the wild suggest that this vulnerability is newly disclosed and may not yet be widely exploited. The absence of a CVSS score limits precise severity quantification, but directory traversal vulnerabilities typically pose significant risks to the confidentiality, and potentially the integrity, of data. Since the vulnerability is in a system managing enrollment data for pre-schools, it may expose personal information of children, parents, and staff, raising privacy concerns. The CVE record does not specify whether authentication or user interaction is required, but directory traversal flaws can often be exploited remotely via crafted HTTP requests without authentication, increasing the risk profile. No CWE identifiers or patch links are provided, indicating that further technical details and remediation guidance may be limited at this time.
Potential Impact
For European organizations, especially educational institutions or service providers using the PHPGurukul Pre-School Enrollment System, this vulnerability could lead to unauthorized disclosure of sensitive personal data, including children's enrollment records, parental contact information, and internal system configurations. Such data breaches would violate the EU's General Data Protection Regulation (GDPR), potentially resulting in significant legal and financial penalties. Additionally, attackers gaining access to configuration files or source code could leverage this information to further compromise the system, leading to data integrity issues or service disruption. The exposure of sensitive data could also damage the reputation of affected institutions and erode trust among parents and stakeholders. Given the critical nature of protecting children's data in Europe, the impact extends beyond technical concerns to regulatory and reputational domains. Even if exploitation is not widespread yet, the potential for targeted attacks or automated scanning by malicious actors poses a tangible risk.
Mitigation Recommendations
Organizations using the PHPGurukul Pre-School Enrollment System should immediately audit their installations for the presence of the vulnerable version 1.0. Since no official patches are currently available, administrators should implement input validation and sanitization controls on the manage-classes.php script to prevent directory traversal sequences such as '../' from being processed. Employing web application firewalls (WAFs) with rules to detect and block directory traversal attempts can provide a temporary protective layer. Restricting file system permissions to limit the web server's access to only necessary directories can reduce the impact of potential exploitation. Monitoring web server logs for suspicious requests targeting manage-classes.php or containing traversal patterns is recommended to detect exploitation attempts early. Organizations should also engage with the software vendor or community to obtain patches or updates as they become available. Finally, ensuring regular backups and incident response plans are in place will help mitigate damage if exploitation occurs.
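The log monitoring recommended above, as an added example that is not part of the original advisory or the PHPGurukul code base: it scans access log lines for requests to manage-classes.php whose target contains a traversal segment after repeated percent-decoding, so encoded and double-encoded forms are caught as well as a literal '../'. The combined log format, the /admin/ path, the `param` and `id` names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

TARGET = "manage-classes.php"  # script named in the advisory
# Combined log format: client IP ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." that starts a path component and is followed by a separator or the end
TRAVERSAL_RE = re.compile(r'(?:^|[\\/=&?])\.\.(?:[\\/]|$)')

# Constructed sample lines; the /admin/ path and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jun/2025:16:01:12 +0000] "GET /admin/manage-classes.php?id=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jun/2025:16:02:40 +0000] "GET /admin/manage-classes.php?param=..%2f..%2fexample.txt HTTP/1.1" 200 812',
    '198.51.100.4 - - [26/Jun/2025:16:03:05 +0000] "GET /admin/manage-classes.php?param=%252e%252e%252f%252e%252e%252fexample.txt HTTP/1.1" 404 230',
    '198.51.100.4 - - [26/Jun/2025:16:03:09 +0000] "GET /index.php?page=../about HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded '../' is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(lines):
    """Return (client_ip, status, decoded_target) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, target, status = m.groups()
        decoded = fully_decode(target)
        if TARGET not in decoded.split("?", 1)[0].lower():
            continue  # only the script named in the advisory is in scope here
        if TRAVERSAL_RE.search(decoded):
            hits.append((ip, int(status), decoded))
    return hits

if __name__ == "__main__":
    for ip, status, target in find_traversal_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

The status code is returned with each hit because a 200 response to a flagged request deserves closer review than a 404.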
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 685d6c25ca1063fb87429335
Added to database: 6/26/2025, 3:49:57 PM
Last enriched: 6/26/2025, 4:05:32 PM
Last updated: 8/17/2025, 1:59:08 AM