Unrestricted File Upload Vulnerability in Bdtask Flight Booking Software
CVE-2025-12222
Key Information:
- Vendor
Bdtask
- Status
- Vendor
- CVE Published:
- 27 October 2025
Badges
What is CVE-2025-12222?
A significant security flaw has been identified in Bdtask Flight Booking Software affecting versions up to 3.1. This vulnerability resides within the Deposit Handler component, specifically in the file /admin/transaction/deposit. It allows attackers to perform unrestricted file uploads, which can be executed remotely. The implications of this flaw are serious, as an attacker may leverage this vulnerability to upload malicious files, potentially compromising the server and its data without prior authentication. Despite initial contact regarding this vulnerability, the vendor has not provided a response, making users particularly vulnerable to exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Flight Booking Software 3.0
Flight Booking Software 3.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved