CVE-2025-31122 CRITICAL

CVE-2025-31122: scratch-coding-hut.github.io Login Links Generation vulnerability

Vendor Scratch-Coding-Hut
Product Scratch-Coding-Hut
Weakness CWE-287 · Improper authentication
Published March 31, 2025
Last update March 31, 2025

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to log in to any account by changing the username in the username field.

Key dates

02 Disclosure timeline

March 31, 2025 CVE published
March 31, 2025 Record updated