CVE-2025-1163
Published: 11 February 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-1163 is a stack-based buffer overflow vulnerability affecting the login function within the Authentication component of the Vehicle Parking Management System 1.0, developed by code-projects. The issue arises from manipulation of the username argument, classified under CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). It was published on 2025-02-11 and carries a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), despite being described as critical.
The vulnerability requires local access with low privileges to exploit, involving low attack complexity and no user interaction. A successful attack can result in limited impacts to confidentiality, integrity, and availability, potentially allowing an attacker to cause a denial of service, disclose sensitive information, or modify data through the buffer overflow.
References point to VulDB entries (ctiid.295066, id.295066, submit.494008) for details, an exploit disclosure in a GitHub-hosted PDF (binary1.pdf), and the original project site at code-projects.org. No specific patches or mitigations are detailed in the provided information, but the public exploit disclosure indicates practitioners should isolate or update the system if possible.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in login function enables arbitrary code execution via client application exploitation (T1203) and potential privilege escalation (T1068).