CVE-2025-9842
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-10-20

Assigner: VulDB

Description
A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-10-20
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9842
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
das parking_management_system 6.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9842 is a vulnerability in Das Parking Management System version 6.2.0 that allows unauthorized remote attackers to access sensitive information without authentication. The issue arises from improper authentication controls in the system's API, where attackers can reuse historical tokens obtained from a demo site to bypass login and retrieve account credentials for all users. This leads to sensitive data exposure through an unknown function in the /Operator/Search file. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing attackers to remotely access sensitive information, including account credentials, without needing valid login credentials. This compromises the confidentiality of your data and could lead to unauthorized access to user accounts and potentially further exploitation of the system. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring unauthorized access attempts to the /Operator/Search API endpoint of Das Parking Management System version 6.2.0. Since exploitation involves reuse of historical tokens to bypass authentication, inspecting API requests for suspicious or reused tokens could help detect exploitation. Additionally, using network monitoring tools to identify unusual remote requests to the /Operator/Search path may indicate attempts to exploit the vulnerability. Specific commands are not provided in the resources, but general approaches include using tools like curl or wget to test access to /Operator/Search without authentication, or employing network traffic analysis tools (e.g., tcpdump, Wireshark) to monitor for suspicious API calls. [1, 2]

Mitigation Strategies

No known countermeasures or mitigations have been identified for this vulnerability. The suggested immediate step is to replace the affected product with an alternative solution. Since the exploit is public and allows unauthorized access without authentication, restricting network access to the affected system and monitoring for suspicious activity may help reduce risk until a fix or replacement is implemented. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9842. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart