{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T15:32:00.208","vulnerabilities":[{"cve":{"id":"CVE-2025-25777","sourceIdentifier":"cve@mitre.org","published":"2025-04-24T21:15:23.933","lastModified":"2025-05-28T13:41:40.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks."},{"lang":"es","value":"La Referencia Directa a Objetos (IDOR) insegura en Codeastro Bus Ticket Booking System v1.0 permite el acceso no autorizado a los perfiles de usuario. Al manipular el ID de usuario en la URL, un atacante puede acceder al perfil de otro usuario sin la debida autenticación ni verificación de autorización."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":5.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"CA1ACB32-C553-48FC-B080-3F88DF091093"}]}]}],"references":[{"url":"https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25777","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}