CVE-2025-4038: code-projects Train Ticket Reservation System reservation stack-based overflow
Description
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. In code-projects Train Ticket Reservation System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion Reservation der Komponente Ticket Reservation. Durch das Beeinflussen des Arguments Name mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-4038
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.8
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products
Vendor: code-projects
Product: Train Ticket Reservation System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 2.0% (scored less or equal to compared to others)
EPSS Date: 2025-05-27 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4038https://vuldb.com/?id.306403
https://vuldb.com/?ctiid.306403
https://vuldb.com/?submit.559344
https://github.com/zzzxc643/cve/blob/main/Buffer%20Overflow%20Vulnerability%20in%20Train%20Reservation%20System.md
https://code-projects.org/