CVE-2025-4068 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-4068?

CVE-2025-4068 has a CVSS score of 5.3 (MEDIUM). A critical stack-based buffer overflow vulnerability exists in the changeprize function of Simple Movie Ticket Booking System 1.0. This allows local attackers to execute arbitrary code or crash the system by manipulating the prize argument. Only systems running this specific software version are affected.

📋 TL;DR

A critical stack-based buffer overflow vulnerability exists in the changeprize function of Simple Movie Ticket Booking System 1.0. This allows local attackers to execute arbitrary code or crash the system by manipulating the prize argument. Only systems running this specific software version are affected.

💻 Affected Systems

Products:

Simple Movie Ticket Booking System

Versions: 1.0

Operating Systems: All platforms running the software

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires local access to the system running the software.

📦 What is this software?

Simple Movie Ticket Booking System by Fabian

View all CVEs affecting Simple Movie Ticket Booking System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crash causing denial of service, or limited code execution within the application context.

🟢

If Mitigated

Minimal impact if proper access controls prevent local user exploitation.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local access; public disclosure increases weaponization likelihood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider alternative software.

🔧 Temporary Workarounds

Remove or disable vulnerable software

linux

Uninstall Simple Movie Ticket Booking System 1.0 from affected systems.

sudo apt remove simple-movie-ticket-booking-system
sudo yum remove simple-movie-ticket-booking-system

Restrict local access

all

Implement strict access controls to prevent unauthorized local users from accessing the system.

🧯 If You Can't Patch

Implement network segmentation to isolate affected systems
Deploy endpoint protection with buffer overflow detection capabilities

🔍 How to Verify

Check if Vulnerable:

Check if Simple Movie Ticket Booking System 1.0 is installed: dpkg -l | grep movie-ticket or rpm -qa | grep movie-ticket

Check Version:

Check package version: dpkg -s simple-movie-ticket-booking-system | grep Version or rpm -qi simple-movie-ticket-booking-system | grep Version

Verify Fix Applied:

Verify software is removed or updated to a non-vulnerable version.

📡 Detection & Monitoring

Log Indicators:

Application crash logs
Unusual process termination
Buffer overflow warnings in system logs

Network Indicators:

No network indicators - local exploit only

SIEM Query:

Process termination events for movie ticket booking system OR buffer overflow alerts

📊 Metadata

CVE ID: CVE-2025-4068

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.03% exploit probability (8.2th percentile)

Published: April 29, 2025

Last Updated: October 23, 2025

🔗 References

https://code-projects.org/ Product
https://github.com/zzzxc643/cve/blob/main/MOVIE_TICKET_BOOKING_SYSTEM.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.306505 Permissions Required,VDB Entry
https://vuldb.com/?id.306505 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.559479 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4068, you might also want to check these: