CVE-2025-12309

CVSS 7.3 High
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Published: 1761592562
  • Last modified: 1761592562

CVE-2025-12309 — A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and… [Severity (CVSS) 7.3]

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

🧠 Explainer: What this vulnerability means

Summary: the product from the vendor is impacted (CWE: unspecified).

Impact: Potential impact includes remote code execution, data theft, or denial of service.

Mitigation: Prioritize patching and consider temporary workarounds documented by the vendor.

No vendor/product data yet.

No explicit mitigation/advisory links found in references.