Cyber Resilience

CVE-2025-1163

Medium · Public PoC

Published: 11 February 2025
Modified: 10 April 2025
KEV Added
Patch
CVSS v4 Score: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0012 (31.1th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1163 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Code-Projects Vehicle Parking Management System. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 31.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-1163 is a stack-based buffer overflow vulnerability affecting the login function within the Authentication component of the Vehicle Parking Management System 1.0, developed by code-projects. The issue arises from manipulation of the username argument and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). It was published on 2025-02-11 and carries a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), despite being described as critical.

The vulnerability requires local access with low privileges to exploit, involving low attack complexity and no user interaction. A successful attack can result in limited impacts to confidentiality, integrity, and availability, potentially allowing an attacker to cause a denial of service, disclose sensitive information, or modify data through the buffer overflow.

References point to VulDB entries (ctiid.295066, id.295066, submit.494008) for details, an exploit disclosure in a GitHub-hosted PDF (binary1.pdf), and the original project site at code-projects.org. No specific patches or mitigations are detailed in the provided information, but the public exploit disclosure indicates practitioners should isolate or update the system if possible.

EU & UK References

Vulnerability details

A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in login function enables arbitrary code execution via client application exploitation (T1203) and potential privilege escalation (T1068).

CVEs Like This One

CVE-2025-1187 (Same vendor: Code-Projects)
CVE-2025-2589 (Same vendor: Code-Projects)
CVE-2025-7172 (Same vendor: Code-Projects)
CVE-2025-7412 (Same vendor: Code-Projects)
CVE-2025-0206 (Same vendor: Code-Projects)
CVE-2025-7168 (Same vendor: Code-Projects)
CVE-2025-2039 (Same vendor: Code-Projects)
CVE-2025-2033 (Same vendor: Code-Projects)
CVE-2025-7173 (Same vendor: Code-Projects)
CVE-2026-5256 (Same vendor: Code-Projects)

Affected Assets

Vendor: code-projects
Product: vehicle parking management system
Version: 1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly validates the username input to prevent manipulation leading to stack-based buffer overflow.

Prevent: Implements memory safeguards like stack canaries, ASLR, and DEP to protect against stack-based buffer overflow exploits.

Prevent, recover: Remediates the specific buffer overflow flaw in the login function through timely patching or code correction.

References