Insecure Direct Object Reference in Codeastro Bus Ticket Booking System

CVE-2025-25777

What is CVE-2025-25777?

The Codeastro Bus Ticket Booking System version 1.0 contains a vulnerability that allows unauthorized users to access profiles of other users. This security flaw occurs due to Insecure Direct Object Reference (IDOR), whereby an attacker can manipulate the user ID present in the URL. Consequently, this manipulation enables an attacker to view and interact with sensitive information belonging to different users, bypassing necessary authentication and authorization safeguards.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References