CVE-2025-5893
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-06-09
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5893 is a critical vulnerability in the Smart Parking Management System (versions 1.0 to 1.4) that allows unauthenticated remote attackers to access a specific page exposing plaintext administrator credentials. This means attackers can obtain sensitive admin login information without needing any privileges or user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a severe security breach by exposing administrator credentials in plaintext to unauthenticated remote attackers. As a result, attackers can compromise the confidentiality, integrity, and availability of the system, potentially gaining full control and causing significant damage or disruption. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the specific page on the Smart Parking Management System versions 1.0 through 1.4 that exposes plaintext administrator credentials without authentication. Network scanning tools like curl or wget can be used to request this page and check if administrator credentials are returned in plaintext. For example, you can use a command like: curl -v http://<target-ip>/path_to_vulnerable_page and inspect the response for sensitive information. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate recommended mitigation is to update the Smart Parking Management System to version 1.5 or later, which addresses this vulnerability. Until the update can be applied, restrict network access to the vulnerable system to trusted users only, and monitor for any unauthorized access attempts. [1, 2]