CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description (NVD)
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Critical authentication bypass vulnerability in code-projects Laundry System 1.0 affecting the /data/ endpoint, allowing unauthenticated remote attackers to read and modify data and potentially disrupt system availability. The vulnerability has been publicly disclosed with exploit code available. While CVSS 7.3 indicates moderate-to-high severity, the network-based attack vector (AV:N), lack of privilege requirement (PR:N), and absence of user interaction (UI:N) make this immediately exploitable in production environments. Active exploitation is likely given public PoC availability and the ease of attack execution.
Technical Context (AI)
The vulnerability stems from a broken authentication mechanism (CWE-287: Improper Authentication) within the Laundry System application, specifically in the /data/ file handler. CWE-287 indicates the application fails to properly verify user identity before granting access to sensitive data endpoints. The affected product is code-projects Laundry System version 1.0 (CPE would be: cpe:2.3:a:code-projects:laundry_system:1.0:*:*:*:*:*:*:*). The vulnerability likely involves missing or inadequately enforced authentication checks at the HTTP API layer, potentially allowing direct file access or data manipulation without credentials. The 'unknown part' designation suggests either obfuscated code or widespread auth bypass affecting multiple data handling functions.
EUVD-2025-17615