What is CVE-2025-1187?

A critical vulnerability in the code-projects Police FIR Record Management System 1.0 allows for stack-based buffer overflow. Attackers must exploit this locally, making it essential for organizations to act swiftly to mitigate the risk.

What is the severity of CVE-2025-1187?

CVE-2025-1187 has a severity rating of MEDIUM with a CVSS base score of 4.8.

CVE-2025-1187 | Medium Vulnerability in code-projects Police FIR Record Management System

A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Given the nature of this vulnerability, it carries a medium severity level with a CVSS score of 4.8. Organizations using this system face risks associated with local exploitation, which could lead to unauthorized access or manipulation of sensitive data.

Organizations should prioritize patching immediately to reduce exposure to potential attacks. Given the public disclosure of the exploit, it is crucial for defenders to assess their environments for this vulnerability.

The urgency for remediation is underscored by the vulnerability's ability to impact confidentiality, integrity, and availability, all rated as low in the CVSS score.

Vulnerability Details

This vulnerability allows for stack-based buffer overflow in the Delete Record Handler component of the Police FIR Record Management System. The CVSS version 4.0 score is 4.8, indicating medium severity. The vulnerability was published on February 12, 2025.

Affected product: Police FIR Record Management System, Vendor: code-projects.

Technical Analysis

The root cause of this vulnerability stems from improper handling of user input in the Delete Record Handler, leading to a stack-based buffer overflow. The attack vector is local, requiring low complexity, and only low privileges are needed to exploit it. No user interaction is necessary for the attack to succeed.

The impacts on the confidentiality, integrity, and availability of the system are rated as low, but successful exploitation could still result in significant unauthorized access to sensitive data.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data and system manipulation. The vulnerability’s scope is unchanged, and the exploitation could have a blast radius affecting other local applications.

Given the medium CVSS score and the fact that it is not included in the KEV catalog, organizations should schedule remediation but are not required to act immediately. However, the vulnerability's local nature means that organizations should assess their local security posture.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is Police FIR Record Management System 1.0. Organizations should upgrade to the latest version to mitigate this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching immediately. It is essential to check for updates from the vendor, code-projects, and apply the latest security patches. Additionally, organizations may consider implementing network controls and monitoring solutions to detect any unauthorized access attempts.

For further guidance on effective security practices, organizations can refer to resources such as the penetration testing methodology for assessing their security posture.

Detection Guidance

To detect exploitation attempts, organizations should monitor logs for unusual activity related to the Delete Record Handler component. Behavioral anomalies, such as unexpected application crashes or unauthorized record deletions, should also be flagged for review.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability reflects the importance of secure coding practices in application development. Security teams should take this opportunity to review their code review processes and implement training to prevent similar vulnerabilities in the future.

Understanding how to mitigate risks associated with local vulnerabilities is vital. Organizations can benefit from adopting a comprehensive application security assessment strategy tailored to their unique environment.

For continuous improvement in security measures, organizations should also consider engaging in continuous penetration testing to identify and address vulnerabilities proactively.

Finally, organizations should remain vigilant by following trends in vulnerability exposure, as highlighted in the latest 2025 vulnerability exposure severity trends report.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1187: Medium Vulnerability in code-projects Police FIR Record Management System