CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4888: code-projects Pharmacy Management System Add Order Details take_order buffer overflow

4.8 CVSS

Description

A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in code-projects Pharmacy Management System 1.0 gefunden. Hiervon betroffen ist die Funktion medicineType::take_order der Komponente Add Order Details. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-4888

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem Types

Buffer Overflow Memory Corruption

Affected Products

Vendor: code-projects

Product: Pharmacy Management System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.13% (scored less or equal to compared to others)

EPSS Date: 2025-06-16 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4888
https://vuldb.com/?id.309441
https://vuldb.com/?ctiid.309441
https://vuldb.com/?submit.577497
https://github.com/zzzxc643/cve/blob/main/Pharmacy_Management_System.md
https://code-projects.org/

Timeline

2025-05-18 17:40:11 UTC
CVE

code-projects Pharmacy Management System Add Order Details take_order buffer overflow