CVE-2025-0529
Published: 17 January 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-0529 is a critical stack-based buffer overflow vulnerability in code-projects Train Ticket Reservation System 1.0, specifically affecting an unknown part of the Login Form component. The issue arises from manipulation of the username argument, as identified under CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). It received a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-01-17.
Exploitation requires local access with low privileges and low attack complexity, with no user interaction needed. A local attacker could manipulate the username input during login to trigger the buffer overflow, potentially leading to limited impacts on confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service.
Advisories from VulDB (ctiid.292413, id.292413, submit.478447) document the vulnerability, while a GitHub Gist provides a publicly disclosed exploit. The original project page at code-projects.org hosts the affected Train Ticket Reservation System 1.0 source code. No patches or specific mitigations are detailed in the available references.
The exploit has been publicly disclosed and may be used by attackers, though no real-world exploitation in the wild is noted.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in login form enables local exploitation for arbitrary code execution and privilege escalation if run with elevated privileges.