CVE-2025-25777

Published: Apr 24, 2025Modified: May 28, 2025

8.0

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Exploitability: 2.5 / Impact: 5.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.

Affected (1)

Products: Codeastro: Bus Ticket Booking System

1 product

Bus Ticket Booking System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codeastro Bus Ticket Booking System	Version 1.0

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/

Source: cve@mitre.org

Product

https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.