CVE-2025-4069

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.306506 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.306506 Third Party Advisory VDB Entry
https://vuldb.com/?submit.559516 Third Party Advisory VDB Entry
https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-projects:product_management_system:1.0:*:*:*:*:*:*:*

History

28 May 2025, 17:26

Type Values Removed Values Added
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md - () https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.306506 - () https://vuldb.com/?ctiid.306506 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.306506 - () https://vuldb.com/?id.306506 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.559516 - () https://vuldb.com/?submit.559516 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:code-projects:product_management_system:1.0:*:*:*:*:*:*:*
First Time Code-projects product Management System
Code-projects

02 May 2025, 13:53

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como crítica en code-projects Product Management System 1.0. La función add_item se ve afectada por este problema. La manipulación del argumento st.productname provoca un desbordamiento del búfer en la pila. Un ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado.

29 Apr 2025, 18:15

Type Values Removed Values Added
References () https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md - () https://github.com/zzzxc643/cve/blob/main/PRODUCT_MANAGEMENT_SYSTEM.md -

29 Apr 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-29 16:15

Updated : 2025-05-28 17:26


NVD link : CVE-2025-4069

Mitre link : CVE-2025-4069

CVE.ORG link : CVE-2025-4069


JSON object : View

Products Affected

code-projects

  • product_management_system
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow