{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-12223","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-10-25T16:21:51.792Z","datePublished":"2025-10-27T04:32:07.968Z","dateUpdated":"2026-02-24T07:06:27.626Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T07:06:27.626Z"},"title":"Bdtask Flight Booking Software Package Information package-information unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"Bdtask","product":"Flight Booking Software","versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"}],"cpes":["cpe:2.3:a:bdtask:flight_booking_software:*:*:*:*:*:*:*:*"],"modules":["Package Information Module"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-10-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-10-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-11-21T22:53:47.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"4m3rr0r (VulDB User)","type":"reporter"},{"lang":"en","value":"4m3rr0r (VulDB User)","type":"analyst"},{"lang":"en","value":"VulDB","type":"coordinator"}],"references":[{"url":"https://vuldb.com/?id.329893","name":"VDB-329893 | Bdtask Flight Booking Software Package Information package-information unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.329893","name":"VDB-329893 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.673436","name":"Submit #673436 | Bdtask Flight Booking Software B2C Portal v3,1 Unrestricted File Upload","tags":["third-party-advisory"]},{"url":"https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12223.md","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-27T20:05:12.509715Z","id":"CVE-2025-12223","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-27T20:05:20.283Z"}}]}}