CVE-2025-25777

Exploit

EPSS 0.03%
Veröffentlicht 24.04.2025 00:00:00
Zuletzt bearbeitet 28.05.2025 13:41:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codeastro ≫ Bus Ticket Booking System Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8	2.5	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/

Product

https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-25777

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-25777

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-25777

EUVD