CVE-2025-60306 — Improper Access Control in Simple CAR Rental System

CWE-284 — Improper Access Control CWE-287 — Improper Authentication3 documents3 sources

Severity

9.9CRITICALNVD

EPSS

0.1%

top 82.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Simple CAR Rental System

Timeline

PublishedOct 10

Description

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages1 packages

▶NVDcode-projects/simple_car_rental_system1.0

🔴Vulnerability Details

GHSA

GHSA-j9w7-422g-j9w2: code-projects Simple Car Rental System 1↗2025-10-10

▶

CVEList

CVE-2025-60306: code-projects Simple Car Rental System 1↗2025-10-10

▶