CVE-2025-25777

Published Apr 24, 2025

Last updated a month ago

Overview

Description: Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8
Impact score: 5.5
Exploitability score: 2.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-639

Hype score: Not currently trending

CVE-2025-25777 04/24/2025 09:15:23 PM BaseSeverity: HIGH Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By man... https://t.co/1MB2VOmi6M
@CVETracker
25 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA1ACB32-C553-48FC-B080-3F88DF091093"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.