What is CVE-2025-1577?

CVE-2025-1577 affects the Blood Bank System 1.0, allowing cross-site scripting through manipulation of the 'message' argument in /prostatus.php. Organizations should prioritize patching to mitigate potential exploitation.

What is the severity of CVE-2025-1577?

CVE-2025-1577 has a severity rating of MEDIUM with a CVSS base score of 5.1.

CVE-2025-1577 | Medium Vulnerability in code-projects Blood Bank System

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

The vulnerability has a CVSS score of 5.1, indicating a medium severity level. Organizations utilizing this system should be aware of the potential risks associated with this vulnerability. Risk to organizations includes unauthorized access to user data and potential system disruption.

Given the nature of this vulnerability and its public disclosure, organizations should prioritize patching immediately. It is crucial to assess the exposure of the affected systems to mitigate potential exploitation.

This vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) and CWE-94 (Code Injection).

Vulnerability Details

The CVSS score of 5.1 indicates a medium severity level, which suggests that exploitation could lead to moderate impact on confidentiality and integrity, but not on availability.

The affected product is the Blood Bank System version 1.0 from code-projects, and this vulnerability was published on February 23, 2025.

Technical Analysis

The root cause of this vulnerability is improper input validation in the /prostatus.php file. The attack vector is network-based, allowing remote exploitation with low attack complexity.

The vulnerability requires low privileges and passive user interaction, which means an attacker does not need to be authenticated to exploit this issue.

The impact on confidentiality is none, while the integrity impact is low, indicating that an attacker may alter data without detection. There are no impacts on availability.

Risk & Impact Analysis

Real-world deployment risk includes the possibility of attackers exploiting the cross-site scripting vulnerability to execute malicious scripts in the context of other users' browsers.

Organizations should understand that the blast radius could extend to sensitive data exposure or system compromise, especially if user input is not adequately sanitized.

Given the CVSS score of 5.1, organizations should address this vulnerability in their priority patch cycle to mitigate associated risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of the Blood Bank System is 1.0. All versions prior to vendor patch are also considered vulnerable.

Mitigation & Remediation

Organizations should prioritize patching immediately to protect against this vulnerability. It is crucial to apply security updates provided by code-projects to remediate the issue.

Configuration hardening can also help mitigate risk, including validating user inputs and sanitizing outputs to prevent cross-site scripting attacks.

For further insights on effective security measures, organizations can refer to our guidelines on penetration testing to ensure comprehensive security.

Detection Guidance

Log indicators of suspicious activity related to the /prostatus.php file and monitor for unusual patterns of input manipulation that could signify an attempt to exploit this vulnerability.

Behavioral anomalies in user sessions, particularly where data is manipulated through the message argument, should be flagged for investigation.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the importance of proactive security measures in web applications. Cross-site scripting vulnerabilities remain prevalent and represent a common attack vector.

Security teams should be vigilant about implementing robust input validation and output encoding practices to mitigate similar vulnerabilities in the future.

For further reading on the topic, see our resources on penetration testing methodology and how to effectively manage vulnerabilities.

Additionally, organizations can benefit from reviewing our guide on designing a vulnerability management program for comprehensive security strategies.

Known Exploitation Timeline

This CVE is not listed in the KEV catalog and there are no known active exploitation cases at this time.

EPSS Risk Context

The EPSS score for this vulnerability is 0.00125, placing it in the 31.38 percentile. This indicates a low probability of exploitation in the wild.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1577: Medium Vulnerability in code-projects Blood Bank System