CVE-2025-25777

Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.

CVSS

No CVSS.

References

Link	Resource
https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/	Product
https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:*:*:*:*:*:*:*

History

28 May 2025, 13:41

Type	Values Removed	Values Added
First Time		Codeastro bus Ticket Booking System Codeastro
CPE		cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:::::::*
References	~~() https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777 -~~	() https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777 - Exploit, Third Party Advisory
References	~~() https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/ -~~	() https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/ - Product

24 Apr 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-24 21:15

Updated : 2025-05-28 13:41

NVD link : CVE-2025-25777

Mitre link : CVE-2025-25777

JSON object : View

Products Affected

codeastro

bus_ticket_booking_system

CWE

No CWE.

JSON object

Attach tags to CVE-2025-25777

Attach tags to `CVE-2025-25777`