Description
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
References
- Product
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:*:*:*:*:*:*:*
EPSS: 0.00039 (percentile: 12%, Low)
CVSS3: 8 High
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 8
github
10 months ago
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.