CVE-2025-4069

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow CWE-416 — Use After Free4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 76.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Product Management System

Timeline

PublishedApr 29

Description

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/product_management_system1.0

▶NVDcode-projects/product_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-qfvm-vf5w-76fc: A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1↗2025-04-29

▶

CVEList

code-projects Product Management System add_item stack-based overflow↗2025-04-29

▶

📋Vendor Advisories

Microsoft

Use After Free in vim/vim↗2021-12-14

▶