CVE-2025-25775

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands via the kodetiket parameter in the Bus Ticket Booking System. Attackers can potentially access, modify, or delete database contents. All deployments of Codeastro Bus Ticket Booking System v1.0 are affected.

💻 Affected Systems

Products:
  • Codeastro Bus Ticket Booking System
Versions: v1.0
Operating Systems: Any OS running PHP with CodeIgniter
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of v1.0 regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data destruction, or full system takeover by chaining the SQL injection into remote code execution

🟠 Likely Case: Unauthorized access to sensitive booking data, customer information, and potential privilege escalation

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries in place

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via URL parameter requires minimal technical skill to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Implement workarounds or migrate to alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add server-side validation to sanitize the kodetiket parameter before it is processed.

Edit the /BusTicket-CI/tiket/cekorder controller to add:
  $kodetiket = $this->input->post('kodetiket', TRUE);
  $kodetiket = $this->security->xss_clean($kodetiket);
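The xss_clean filter above addresses cross-site scripting rather than SQL injection; what actually closes the injection is keeping the parameter value out of the SQL text. The following is an added example of a hardened cekorder action, not the project's own code. It assumes a CodeIgniter 3 controller named Tiket, a table named tiket with a kodetiket column, and a ticket-code format of 6 to 20 alphanumeric characters (all three are assumptions), and it combines allow-list validation with a bound query.

```php
<?php
// Added example (not the project's own code). Assumes a CodeIgniter 3 controller
// named Tiket with a cekorder() action, a table `tiket` with a `kodetiket`
// column, and 6-20 character alphanumeric ticket codes. All are assumptions.
defined('BASEPATH') OR exit('No direct script access allowed');

class Tiket extends CI_Controller
{
    // Allow-list for the ticket code (assumed format).
    const KODE_PATTERN = '/^[A-Za-z0-9]{6,20}$/';

    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    public function cekorder()
    {
        // The advisory describes kodetiket as a URL parameter, so read GET and
        // POST. The TRUE flag applies CI's XSS filter, which does nothing for SQL.
        $kodetiket = $this->input->get_post('kodetiket', TRUE);

        // Reject anything that is not a plausible ticket code before it
        // reaches the database layer.
        if ($kodetiket === NULL || !preg_match(self::KODE_PATTERN, $kodetiket)) {
            show_error('Invalid ticket code', 400);
            return;
        }

        // Bound query: the value is passed as a parameter, never concatenated
        // into the SQL text, so quotes or keywords in it cannot alter the query.
        $query = $this->db->query(
            'SELECT * FROM tiket WHERE kodetiket = ?',
            array($kodetiket)
        );

        // Query Builder form with the same escaping behaviour:
        // $query = $this->db->get_where('tiket', array('kodetiket' => $kodetiket));

        $order = $query->row();
        if ($order === NULL) {
            show_404();
            return;
        }

        $this->load->view('tiket/cekorder', array('order' => $order));
    }
}
```

The validation step is what makes the ModSecurity rule and the log checks below a second layer rather than the only layer: a value that fails the allow-list never reaches the database, and a value that passes it cannot carry quotes or SQL keywords.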

WAF Rule Implementation

Applies to: all

Deploy web application firewall rules to block SQL injection patterns.

ModSecurity rule:
  SecRule ARGS:kodetiket "@detectSQLi" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Isolate the vulnerable system behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Test /BusTicket-CI/tiket/cekorder endpoint with SQL injection payloads in kodetiket parameter

Check Version:

Check application files for version information or review source code comments

Verify Fix Applied:

Attempt SQL injection after implementing fixes and verify error responses or blocked requests

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts from single IP
  • Requests with SQL keywords in kodetiket parameter

Network Indicators:

  • Unusual database connection patterns
  • Outbound connections from application server to unexpected destinations

SIEM Query:

source="web_logs" AND ("UNION SELECT" OR "' OR '1'='1" OR "kodetiket=*'*")
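To apply the same logic to raw web-server logs, here is an added PHP example (not from the page) that parses combined-format access log lines, picks out requests to the cekorder endpoint, and flags kodetiket values that fall outside the expected ticket-code format or contain the SQL markers named in the query above. The log lines are constructed samples, and the 6 to 20 alphanumeric ticket-code format is an assumption; the code needs PHP 8.0 or later for str_ends_with.

```php
<?php
// Added example (not from the original page). Scans combined-format access log
// lines for requests to the cekorder endpoint whose kodetiket value does not
// look like a ticket code. Log lines below are constructed samples; the
// 6-20 alphanumeric ticket-code format is an assumption. Requires PHP >= 8.0.

const KODE_PATTERN = '/^[A-Za-z0-9]{6,20}$/';
// SQL markers taken from the SIEM query above, plus comment/stacking tokens.
const SQLI_PATTERN = "/(union\\s+select|'\\s*or\\s*'|--|;|\\/\\*)/i";

// Returns null for a normal-looking value, otherwise a short reason string.
function classify_kodetiket(string $value): ?string
{
    if (preg_match(SQLI_PATTERN, $value)) {
        return 'sqli_pattern';
    }
    if (!preg_match(KODE_PATTERN, $value)) {
        return 'bad_format';
    }
    return null;
}

// Parses one combined-format line; returns null if it is not a cekorder request
// carrying a kodetiket parameter.
function parse_cekorder_request(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $parts = parse_url($m[4]);
    if (!isset($parts['path'], $parts['query'])
        || !str_ends_with($parts['path'], '/tiket/cekorder')) {
        return null;
    }
    parse_str($parts['query'], $params);   // also URL-decodes the values
    if (!isset($params['kodetiket']) || !is_string($params['kodetiket'])) {
        return null;
    }
    return [
        'ip'        => $m[1],
        'time'      => $m[2],
        'method'    => $m[3],
        'status'    => (int) $m[5],
        'kodetiket' => $params['kodetiket'],
    ];
}

// Returns only the requests whose kodetiket value is suspicious.
function scan_access_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parse_cekorder_request($line);
        if ($req === null) {
            continue;
        }
        $reason = classify_kodetiket($req['kodetiket']);
        if ($reason !== null) {
            $req['reason'] = $reason;
            $hits[] = $req;
        }
    }
    return $hits;
}

// Constructed sample lines: one benign lookup, one carrying the same
// "' OR '1'='1" marker the SIEM query looks for, one unrelated request.
$sample_lines = [
    '203.0.113.5 - - [10/Oct/2025:13:55:36 +0000] "GET /BusTicket-CI/tiket/cekorder?kodetiket=TKT123456 HTTP/1.1" 200 1420 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:13:56:02 +0000] "GET /BusTicket-CI/tiket/cekorder?kodetiket=TKT123456%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Oct/2025:13:56:10 +0000] "GET /BusTicket-CI/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
];

// Only the second line is reported, with reason=sqli_pattern.
foreach (scan_access_log($sample_lines) as $hit) {
    printf("%s %s %s kodetiket=%s status=%d reason=%s\n",
        $hit['time'], $hit['ip'], $hit['method'],
        $hit['kodetiket'], $hit['status'], $hit['reason']);
}
```

The bad_format reason is the more useful one in practice: it catches payloads the keyword list does not know about, for the same reason the allow-list in the controller does, and pairing it with the 500 status from the sample line gives the correlation the "Unusual SQL error messages" indicator above is asking for.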
