CVE-2025-1163
Published: 11 February 2025
Summary
CVE-2025-1163 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Code-Projects Vehicle Parking Management System. Its CVSS base score is 4.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-1163 is a stack-based buffer overflow vulnerability affecting the login function within the Authentication component of the Vehicle Parking Management System 1.0, developed by code-projects. The issue arises from manipulation of the username argument, classified under CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). It was published on 2025-02-11 and carries a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), despite being described as critical.
The vulnerability requires local access with low privileges to exploit, involving low attack complexity and no user interaction. A successful attack can result in limited impacts to confidentiality, integrity, and availability, potentially allowing an attacker to cause a denial of service, disclose sensitive information, or modify data through the buffer overflow.
References point to VulDB entries (ctiid.295066, id.295066, submit.494008) for details, an exploit disclosure in a GitHub-hosted PDF (binary1.pdf), and the original project site at code-projects.org. No specific patches or mitigations are detailed in the provided information, but the public exploit disclosure indicates practitioners should isolate or update the system if possible.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2037
Vulnerability details
A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. An attack has to be…
more
approached locally. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in login function enables arbitrary code execution via client application exploitation (T1203) and potential privilege escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the username input to prevent manipulation leading to stack-based buffer overflow.
Implements memory safeguards like stack canaries, ASLR, and DEP to protect against stack-based buffer overflow exploits.
Remediates the specific buffer overflow flaw in the login function through timely patching or code correction.