Insecure Direct Object Reference in Codeastro Bus Ticket Booking System
CVE-2025-25777
Currently unrated
What is CVE-2025-25777?
The Codeastro Bus Ticket Booking System version 1.0 contains a vulnerability that allows unauthorized users to access the profiles of other users. The flaw is an Insecure Direct Object Reference (IDOR): an attacker can manipulate the user ID present in the URL. This manipulation lets the attacker view and interact with sensitive information belonging to other users, bypassing the necessary authentication and authorization safeguards.
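The missing control is an object-level authorization check on the server. The sketch below is an added illustration, not code from the Codeastro project: it puts a handler that trusts the user ID from the URL beside one that ties the ID to the logged-in session. Every name in it (PROFILES, Session, view_profile_vulnerable, view_profile_hardened) and the sample data are assumptions made for the example.

```python
# Added illustration: not code from Codeastro Bus Ticket Booking System.
# All names (PROFILES, Session, view_profile_*) are hypothetical.
from dataclasses import dataclass

# Constructed sample data standing in for the application's user table.
PROFILES = {
    1: {"name": "alice", "email": "alice@example.test"},
    2: {"name": "bob", "email": "bob@example.test"},
}


@dataclass(frozen=True)
class Session:
    """Server-side session state established at login."""
    user_id: int
    is_admin: bool = False


class Forbidden(Exception):
    """Raised when the caller may not read the requested object."""


def view_profile_vulnerable(session, requested_id):
    # IDOR: the ID taken from the URL is the only thing that selects the
    # record, so any caller can read any profile.
    return PROFILES.get(int(requested_id))


def view_profile_hardened(session, requested_id):
    # Authentication first: no session, no access.
    if session is None:
        raise Forbidden("login required")
    try:
        target = int(requested_id)
    except (TypeError, ValueError):
        raise Forbidden("malformed user id") from None
    # Object-level authorization: the record must belong to the caller,
    # or the caller must hold an explicit admin role.
    if target != session.user_id and not session.is_admin:
        raise Forbidden("not your profile")
    return PROFILES.get(target)
```

For a "my profile" page, the simpler fix is to drop the ID from the URL and read it from the session only.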