CVE-2025-3148

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow CWE-770 — Allocation without Limits4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 76.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codeprojects Product Management System Code-projects Product Management System

Timeline

PublishedApr 3

Latest updateJun 9

Description

A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5codeprojects/product_management_system1.0

▶NVDcode-projects/product_management_system1.0

🔴Vulnerability Details

GHSA

Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)↗2025-06-09

▶

CVEList

codeprojects Product Management System Login buffer overflow↗2025-04-03

▶

GHSA

GHSA-299w-p965-fx3w: A vulnerability was found in codeprojects Product Management System 1↗2025-04-03

▶