CVE-2025-4497

low-risk

Published 2025-05-10

A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the component Sign In. The manipulation of the argument password2 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Simple Banking System

Affected Vendors

Code-Projects

References (6)

Product https://code-projects.org/

Exploit https://github.com/zzzxc643/cve/blob/main/Banking_System.md

Permissions Required https://vuldb.com/?ctiid.308213

Third Party Advisory https://vuldb.com/?id.308213

Third Party Advisory https://vuldb.com/?submit.567082

Exploit https://github.com/zzzxc643/cve/blob/main/Banking_System.md

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal