Security Advisory
CVE-2025-25777
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another users profile without proper authentication or authorization checks.