CVE-2025-51414 describes an arbitrary file upload vulnerability in Phpgurukul Online Course Registration v3.1. The issue is located in the profile picture upload functionality on the /my-profile.php page, where insufficient validation allows an authenticated user with low privileges to upload files that could lead to remote code execution or other severe impacts. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code). The CVSS v3.1 score is 8.8, reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high impact on confidentiality, integrity, and availability. No patch or official remediation level has been published, and the software is not a cloud service.

Successful exploitation of this vulnerability can lead to complete compromise of the affected system, including unauthorized code execution, data disclosure, and service disruption. Because the vulnerability allows arbitrary file upload, attackers could upload malicious scripts or executables to gain control over the server hosting the application. The high CVSS score (8.8) indicates a significant risk to confidentiality, integrity, and availability. There are no known active exploits reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, it is recommended to restrict access to the profile picture upload functionality, implement strict file type validation and sanitization, and monitor for suspicious file uploads. Avoid running the application with unnecessary privileges to limit potential impact. Follow vendor channels for updates on patches or official mitigations.