Cyber Resilience

CVE-2025-12283

LowPublic PoC

Published: 27 October 2025

Published
27 October 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0001 1.8th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12283 is a low-severity Improper Authorization (CWE-285) vulnerability in Fabian Client Details System. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and…

more

may be exploited.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1087.001 Local Account Discovery
Adversaries may attempt to get a listing of local system accounts.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

IDOR and authorization bypass in public-facing web app enable exploitation for privilege escalation (T1068/T1190), local account discovery via manage-users page (T1087.001), and exposure of plaintext user passwords (T1552.001).

Affected Assets

fabian
client details system
1.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-285 CWE-639

The control mandates authorization decisions for each access request, reducing the ability to exploit improper authorization weaknesses.

addresses: CWE-285 CWE-639

The control requires checking and applying authorization decisions per policy, preventing improper authorization.

addresses: CWE-285

Documented procedures facilitate correct implementation and ongoing management of authorization decisions.

addresses: CWE-285

Periodic reviews identify and correct flaws in authorization decisions or enforcement.

addresses: CWE-285

The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.

addresses: CWE-285

Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.

addresses: CWE-285

Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.

addresses: CWE-285

The control explicitly requires authorization of each wireless access type prior to permitting connections.

References