Human Resource Management CVE-2025-2589
MEDIUMCVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.
AnalysisAI
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical.go. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-266. A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used. Affected products include: Code-Projects Human Resource Management.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Share
External POC / Exploit Code
Leaving vuln.today