Skip to main content

Simple Car Rental System CVE-2025-60306

CRITICAL
Improper Access Control (CWE-284)
2025-10-10 cve@mitre.org
9.9
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:51 vuln.today

DescriptionCVE.org

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.

AnalysisAI

Privilege escalation in code-projects Simple Car Rental System 1.0 lets an authenticated low-privilege user forge a high-privilege (administrator) session and invoke sensitive operations reserved for privileged accounts. The flaw is a broken access-control / authentication-bypass issue (CWE-284) with a publicly available exploit, though it is not listed in CISA KEV and carries a low EPSS probability (0.38%, 30th percentile), indicating limited real-world exploitation to date. Any user able to authenticate at a basic level can effectively take over administrative functionality.

Share

CVE-2025-60306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy