CVE-2025-25381

Published: Mar 6, 2025Modified: Mar 12, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows to view sensitive information such as usernames and passwords.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/advisories/GHSA-x2cr-cpw2-j9x5

Source: cve@mitre.org

https://github.com/edwin-0990/CVE_ID/blob/main/CVE-2025-25381/README.md

Source: cve@mitre.org

https://www.tenable.com/cve/CVE-2025-25381

Source: cve@mitre.org

https://github.com/edwin-0990/CVE_ID/blob/main/CVE-2025-25381/README.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.