CVE-2025-60306
Received
Published: 10 Oct 2025, 17:15
Last modified: 10 Oct 2025, 18:15
Vulnerability Summary
Overall Risk: Medium Risk (40/100)
CVSS Score: 9.9 CRITICAL (v3.1)
EPSS Score: No data
CISA KEV: Not listed
Ransomware: No reports
Exploits: None found
Dark Web: Not detected
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.
Source Identifier: cve@mitre.org
CVSS | Source | Severity | Exploitability | Impact | Vector |
---|---|---|---|---|---|
v4.0 | n/a | | | | |
v3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.9 CRITICAL | 3.1 | 6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H... |
v3.0 | n/a | | | | |
v2.0 | n/a | | | | |
Improper Access Control CWE-284
Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Not listed in CISA Known Exploited Vulnerabilities catalog.
No dark web activity detected for this vulnerability.
No known public exploit code indexed (as of 10 Oct 2025, 18:15).
Exploitation status can change quickly once PoC code appears.
No affected systems information available.
URL | Tags | Source |
---|---|---|
http://code-projects.com | - | cve@mitre.org |
https://github.com/Chen1-Boop/CVE/blob/main/CVE-2025-60306.md | - | cve@mitre.org |