CVE-2025-1587
Published: 23 February 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-1587 is a buffer overflow vulnerability in SourceCodester Telecom Billing Management System 1.0, published on 2025-02-23. The issue affects the addrecords function in the main.cpp file of the Add New Record component, where manipulation of the name or phonenumber arguments triggers the flaw. Rated as critical with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it is linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability requires local access for exploitation, allowing an attacker with low privileges to manipulate the affected arguments and trigger a buffer overflow. Successful exploitation can lead to limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized data access, modification, or denial of service within the local scope.
Advisories referenced in VulDB entries (ctiid.296567, id.296567, submit.505363) and a GitHub issue (wshRE/CVE/issues/1) detail the vulnerability, with the exploit publicly disclosed and potentially usable. The vendor site at sourcecodester.com may provide additional context, though specific patch or mitigation guidance is not detailed in the available information. Other parameters might also be affected.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The local buffer overflow vulnerability (CWE-120) in the addrecords function of main.cpp enables arbitrary code execution via uncontrolled input to name/phonenumber fields, facilitating exploitation for privilege escalation.