Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for ATM Banking by code-projects
CVE-2025-4037 (GCVE-0-2025-4037)
Vulnerability from cvelistv5 – Published: 2025-04-28 20:31 – Updated: 2025-04-28 22:27
VLAI
Title
code-projects ATM Banking moneyWithdraw logic error
Summary
A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity
4.4 (Medium)
4.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306402 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306402 | signaturepermissions-required |
| https://vuldb.com/?submit.559303 | third-party-advisory |
| https://github.com/zzzxc643/cve/blob/main/ATM_Ban… | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | ATM Banking |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4037",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T22:27:08.201198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T22:27:22.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATM Banking",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzzxc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in code-projects ATM Banking 1.0 ausgemacht. Es geht dabei um die Funktion moneyDeposit/moneyWithdraw. Durch Manipulieren mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T20:31:04.297Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306402 | code-projects ATM Banking moneyWithdraw logic error",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306402"
},
{
"name": "VDB-306402 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306402"
},
{
"name": "Submit #559303 | ATM Simulator Improper Input Validation in Financial Transactions v1 Improper Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.559303"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-28T08:54:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects ATM Banking moneyWithdraw logic error"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4037",
"datePublished": "2025-04-28T20:31:04.297Z",
"dateReserved": "2025-04-28T06:49:51.147Z",
"dateUpdated": "2025-04-28T22:27:22.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4037 (GCVE-0-2025-4037)
Vulnerability from nvd – Published: 2025-04-28 20:31 – Updated: 2025-04-28 22:27
VLAI
Title
code-projects ATM Banking moneyWithdraw logic error
Summary
A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity
4.4 (Medium)
4.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306402 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306402 | signaturepermissions-required |
| https://vuldb.com/?submit.559303 | third-party-advisory |
| https://github.com/zzzxc643/cve/blob/main/ATM_Ban… | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | ATM Banking |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4037",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T22:27:08.201198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T22:27:22.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ATM Banking",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzzxc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in code-projects ATM Banking 1.0 ausgemacht. Es geht dabei um die Funktion moneyDeposit/moneyWithdraw. Durch Manipulieren mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T20:31:04.297Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306402 | code-projects ATM Banking moneyWithdraw logic error",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306402"
},
{
"name": "VDB-306402 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306402"
},
{
"name": "Submit #559303 | ATM Simulator Improper Input Validation in Financial Transactions v1 Improper Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.559303"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-28T08:54:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects ATM Banking moneyWithdraw logic error"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4037",
"datePublished": "2025-04-28T20:31:04.297Z",
"dateReserved": "2025-04-28T06:49:51.147Z",
"dateUpdated": "2025-04-28T22:27:22.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}