PT-2025-43877 · Unknown · Bdtask Flight Booking
4M3Rr0R +1 · Published 2025-10-27 · Updated 2025-11-21
CVE-2025-12223
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bdtask Flight Booking Software versions prior to 3.2
Description
A flaw exists in Bdtask Flight Booking Software that allows for unrestricted file uploads. This issue affects the Package Information Module, specifically within the /b2c/package-information file. The attack can be initiated remotely. The details of the exploit have been publicly released. The vendor was notified but did not provide a response.
Recommendations
Update Bdtask Flight Booking Software to version 3.2 or later.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Affected Products
Bdtask Flight Booking