CVE-2025-1187
Published: 12 February 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-1187 is a critical stack-based buffer overflow vulnerability affecting an unknown functionality within the Delete Record Handler component of the Police FIR Record Management System version 1.0, available from code-projects.org. Published on 2025-02-12, the issue is linked to CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Exploitation requires local access (AV:L) by an attacker with low privileges (PR:L), low attack complexity (AC:L), and no user interaction (UI:N). Manipulation of the vulnerable component can trigger the stack-based buffer overflow, potentially leading to low-level impacts on confidentiality, integrity, and availability.
Advisories referenced in VulDB entries (ctiid.295093, id.295093, submit.495921) and a GitHub repository document the vulnerability, noting that the exploit has been publicly disclosed and may be used. No patches or specific mitigations are mentioned in the provided details.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow vulnerability in the Delete Record Handler of the Police FIR Record Management System enables local exploitation for arbitrary code execution, facilitating privilege escalation.