CVE-2025-4890

A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://code-projects.org/	Product
https://github.com/zzzxc643/cve/blob/main/Tourism-Management-System2.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.309443	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.309443	Third Party Advisory VDB Entry
https://vuldb.com/?submit.577499	Third Party Advisory VDB Entry
https://github.com/zzzxc643/cve/blob/main/Tourism-Management-System2.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fabian:tourism_management_system:1.0:*:*:*:*:*:*:*

History

23 Oct 2025, 20:06

Type	Values Removed	Values Added
First Time		Fabian Fabian tourism Management System
CPE	cpe:2.3:a:fabianros:tourism_management_system:1.0:::::::*	cpe:2.3:a:fabian:tourism_management_system:1.0:::::::*

21 May 2025, 19:37

Type	Values Removed	Values Added
CWE		CWE-787
References	~~() https://code-projects.org/ -~~	() https://code-projects.org/ - Product
References	~~() https://github.com/zzzxc643/cve/blob/main/Tourism-Management-System2.md -~~	() https://github.com/zzzxc643/cve/blob/main/Tourism-Management-System2.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.309443 -~~	() https://vuldb.com/?ctiid.309443 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.309443 -~~	() https://vuldb.com/?id.309443 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.577499 -~~	() https://vuldb.com/?submit.577499 - Third Party Advisory, VDB Entry
First Time		Fabianros tourism Management System Fabianros
CPE		cpe:2.3:a:fabianros:tourism_management_system:1.0:::::::*

19 May 2025, 19:15

Type	Values Removed	Values Added
References	~~() https://github.com/zzzxc643/cve/blob/main/Tourism-Management-System2.md -~~	() https://github.com/zzzxc643/cve/blob/main/Tourism-Management-System2.md -

19 May 2025, 13:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en code-projects Tourism Management System 1.0, clasificada como crítica. Este problema afecta a la función LoginUser del componente Login User. La manipulación del argumento nombre de usuario/contraseña provoca un desbordamiento del búfer en la pila. Es obligatorio realizar un ataque local. Se ha hecho público el exploit y puede que sea utilizado.

18 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-18 18:15

Updated : 2025-10-23 20:06

NVD link : CVE-2025-4890

Mitre link : CVE-2025-4890

CVE.ORG link : CVE-2025-4890

JSON object : View

Products Affected

fabian

tourism_management_system

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

5.3 /10