CVE-2025-25777

Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
mitreCNA
---
---
CISA-ADPADP
8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
codeastrobus_ticket_booking_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/
https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777