Description
Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows sensitive information such as usernames and passwords to be viewed.
References (3)
Core References
Various Sources
https://github.com/advisories/GHSA-x2cr-cpw2-j9x5
Third Party Advisory
https://www.tenable.com/cve/CVE-2025-25381
Scores
CVSS v3: 7.5
EPSS: 0.0011
EPSS Percentile: 29.1%
Attack Vector: NETWORK (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-284
Status: published
Published: Mar 06, 2025
Tracked Since: Feb 18, 2026