CVE-2025-4037: code-projects ATM Banking moneyWithdraw logic error
Description
A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in code-projects ATM Banking 1.0 ausgemacht. Es geht dabei um die Funktion moneyDeposit/moneyWithdraw. Durch Manipulieren mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-4037
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.8
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Problem Types
Business Logic ErrorsAffected Products
Vendor: code-projects
Product: ATM Banking
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 2.24% (scored less or equal to compared to others)
EPSS Date: 2025-05-27 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4037https://vuldb.com/?id.306402
https://vuldb.com/?ctiid.306402
https://vuldb.com/?submit.559303
https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md
https://code-projects.org/