CVE-2025-0335
Published: 09 January 2025
Description
Adversaries may upload tools to third-party or adversary-controlled infrastructure to make them accessible during targeting.
Security Summary
CVE-2025-0335 is a critical vulnerability in code-projects Online Bike Rental System 1.0, affecting unspecified functionality in the Change Image Handler component. The issue enables unrestricted file upload through remote manipulation, and other endpoints may be affected as well. It is associated with CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type), and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
An authenticated attacker with low privileges can exploit this vulnerability remotely with low complexity and no user interaction required. Exploitation leads to unrestricted file upload, resulting in low-level impacts on confidentiality, integrity, and availability.
Advisories from VulDB indicate the exploit has been publicly disclosed and is available for use, including a proof-of-concept on GitHub at https://github.com/Huandtx/cve/blob/main/cve/Online%20Bike%20Rental%20System/File_upload1.md. Additional references include the project site at https://code-projects.org/ and VulDB entries at https://vuldb.com/?ctiid.290822, https://vuldb.com/?id.290822, and https://vuldb.com/?submit.475365; no patches or specific mitigations are detailed in the provided information.
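With no patch listed, one practical check is to audit the directory the image handler writes to for files that are not plain images. The script below is an added example, not code from the project or the advisories; the allow-list, the risky-extension and marker lists, and the idea that uploads land in a single directory are assumptions.

```python
import os
import sys

# Assumed allow-list: image types a "change image" feature needs, with magic bytes.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed, non-exhaustive lists of risky extensions and script content markers.
RISKY_EXTS = {"php", "phtml", "phar", "asp", "aspx", "jsp", "cgi", "htaccess"}
SCRIPT_MARKERS = (b"<?php", b"<script")


def classify_upload(name, data):
    """Return the reasons a file is not an acceptable image (empty list = OK)."""
    reasons = []
    parts = os.path.basename(name).lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in IMAGE_MAGIC:
        reasons.append("extension not in allow-list")
    elif not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("content does not match extension")
    # Catches double extensions such as name.php.jpg as well as plain scripts.
    if any(p in RISKY_EXTS for p in parts[1:]):
        reasons.append("risky extension in file name")
    if any(m in data.lower() for m in SCRIPT_MARKERS):
        reasons.append("script marker in content")
    return reasons


def audit_upload_dir(root):
    """Walk an upload directory; map each failing file to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # only the first 1 MiB is inspected
            reasons = classify_upload(fname, data)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(audit_upload_dir(sys.argv[1]).items()):
        print(path, "->", "; ".join(reasons))
```

The same `classify_upload` checks can be applied server-side before a file is stored, alongside server-generated file names and a storage location where scripts are not executed.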
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload in a public-facing web application enables exploitation of a public-facing application (T1190), deployment of web shells (T1100), and upload of tools (T1608.002).