CVE-2025-31122

CVSS v4.0

9.0

Critical

Vector

AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Coding Hut versions 1.0-beta3 and earlier

Description The issue allows an attacker to log in to any account by modifying the username field in the login link. This affects the login functionality of the website.

Recommendations For versions 1.0-beta3 and earlier, as a temporary workaround, consider restricting access to the login functionality until a patch is available. Avoid using the username field in the affected login link until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-290

Related Identifiers

CVE-2025-31122

GHSA-MMG3-567W-V9J2

Affected Products

Coding Hut

CVE-2025-31122

Weakness Enumeration

Related Identifiers

Affected Products

References · 9