CVE-2025-4029: code-projects Personal Diary Management System New Record addrecord stack-based overflow
Description
A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in code-projects Personal Diary Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion addrecord der Komponente New Record Handler. Durch das Beeinflussen des Arguments filename mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-4029
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products
Vendor: code-projects
Product: Personal Diary Management System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 2.09% (scored less or equal to compared to others)
EPSS Date: 2025-05-27 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4029https://vuldb.com/?id.306392
https://vuldb.com/?ctiid.306392
https://vuldb.com/?submit.559198
https://github.com/zzzxc643/cve/blob/main/Diary%20Management%20System%20Stack%20Buffer%20Overflow.md
https://code-projects.org/