Client Details System
CVE-2025-12283
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Analysis (AI)
Authorization bypass in code-projects Client Details System 1.0 allows authenticated remote attackers to gain unauthorized access to protected functionality via an unknown vector. Exploit code is publicly available, but the vulnerability is rated low-risk on the basis of its CVSS score of 2.1 and EPSS of 0.01%, which indicate limited real-world exploitation potential despite the remote attack vector.
Technical Context (AI)
Client Details System 1.0 contains an authorization flaw classified under CWE-285 (Improper Authorization), a design weakness in access control mechanisms. The vulnerability affects an unidentified function within the application, suggesting the authorization bypass occurs at the application logic layer rather than in a well-known framework or protocol. The CVSSv4 vector indicates the flaw is reachable over the network with low complexity and no user interaction, but exploitation requires authenticated access (PR:L), meaning a valid user account is necessary. The minimal confidentiality impact (VC:L) and the absence of integrity or availability impact suggest this bypass grants access to sensitive data rather than system compromise.
Remediation (AI)
No vendor-released patch has been identified at time of analysis. Contact the application vendor (Fabian/code-projects) through https://code-projects.org/ to request a security update addressing the authorization bypass in the unknown function. As interim controls, implement network segmentation to restrict Client Details System 1.0 access to trusted users only, enforce strong password policies to reduce credential compromise risk, enable logging and monitoring of authentication and authorization events to detect unauthorized access attempts, and consider implementing Web Application Firewall (WAF) rules if the bypass vector becomes publicly disclosed. If the application handles sensitive personal or financial data, prioritize upgrading or replacing this system with a more actively maintained alternative, as version 1.0 shows limited active vendor support.