CVE-2025-4037

4.4 MEDIUM

📋 TL;DR

A critical business logic vulnerability in ATM Banking 1.0 allows attackers with local system access to manipulate the deposit and withdrawal functions, potentially enabling unauthorized financial transactions. It affects organizations that use the vulnerable ATM Banking software for financial operations; local access is required for exploitation.

💻 Affected Systems

Products:
  • code-projects ATM Banking
Versions: 1.0
Operating Systems: Not specified, likely cross-platform
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the core moneyDeposit/moneyWithdraw functions of the ATM Banking software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of ATM functionality allowing unauthorized withdrawals, deposit manipulation, and financial fraud leading to significant monetary losses.

🟠 Likely Case

Unauthorized financial transactions, balance manipulation, and potential data integrity issues within the banking system.

🟢 If Mitigated

Limited impact with proper access controls, transaction monitoring, and network segmentation in place.

🌐 Internet-Facing: LOW - Local access required for exploitation, not directly exploitable over internet.
🏢 Internal Only: HIGH - Attackers with local access (malicious insiders, compromised workstations) can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly disclosed on GitHub, making exploitation straightforward for attackers with local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Implement strict access controls to limit who can access ATM Banking systems locally.

Network Segmentation (applies to: all)

Isolate ATM Banking systems from general network access to reduce the attack surface.

🧯 If You Can't Patch

  • Implement strict user access controls and principle of least privilege
  • Deploy application-level monitoring for suspicious deposit/withdrawal patterns

🔍 How to Verify

Check if Vulnerable:

Check if running ATM Banking version 1.0. Review system logs for unauthorized access to moneyDeposit/moneyWithdraw functions.

Check Version:

Check application documentation or configuration files for version information

Verify Fix Applied:

Verify no unauthorized modifications to deposit/withdrawal functions and monitor for abnormal transaction patterns.

📡 Detection & Monitoring

Log Indicators:

  • Unusual deposit/withdrawal patterns
  • Multiple failed authentication attempts
  • Unauthorized access to banking functions

Network Indicators:

  • Unusual local network traffic to ATM Banking system
  • Suspicious local connections

SIEM Query:

source="atm_banking.log" AND (event="moneyDeposit" OR event="moneyWithdraw") AND user NOT IN ["authorized_users"]
