CVE-2025-1606 MEDIUM

CVE-2025-1606: SourceCodester Best Employee Management System backups.php information disclosure

Vendor Sourcecodester

Product Best Employee Management System

Weakness CWE-200 · Info exposure

Published February 24, 2025

Last update February 24, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 24, 2025 CVE published

February 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1606 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-43754 Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels CVE-2026-32631 Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration CVE-2026-41659 Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment CVE-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated