CVE-2025-25777

EUVD-2025-11982
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA-ADPADP
8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
codeastrobus_ticket_booking_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/
https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777