CVE-2025-12309

📊 6.9 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 27, 2025

📋 Status: Analyzed

A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fabian	nero social networking site	1.0	Vulnerable	cpe:2.3:a:fabian:nero_social_networking_site:1.0:::::::*

📱

fabian / nero social networking site

Application

Vulnerable

Version: 1.0

CPE:

cpe:2.3:a:fabian:nero_social_networking_site:1.0:*:*:*:*:*:*:*

Metrics

6.9 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.9 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.0% (Minimal)4.7th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 27, 2025 (5 days ago)

Last Modified

Oct 30, 2025 (2 days ago)

Security Weaknesses3

CWE-74CWE-89

References5

NVDgeneralgeneral+2