CVE-2025-9842
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-10-20
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| das | parking_management_system | 6.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9842 is a vulnerability in Das Parking Management System version 6.2.0 that allows unauthorized remote attackers to access sensitive information without authentication. The issue arises from improper authentication controls in the system's API, where attackers can reuse historical tokens obtained from a demo site to bypass login and retrieve account credentials for all users. This leads to sensitive data exposure through an unknown function in the /Operator/Search file. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely access sensitive information, including account credentials, without needing valid login credentials. This compromises the confidentiality of your data and could lead to unauthorized access to user accounts and potentially further exploitation of the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring unauthorized access attempts to the /Operator/Search API endpoint of Das Parking Management System version 6.2.0. Since exploitation involves reuse of historical tokens to bypass authentication, inspecting API requests for suspicious or reused tokens could help detect exploitation. Additionally, using network monitoring tools to identify unusual remote requests to the /Operator/Search path may indicate attempts to exploit the vulnerability. Specific commands are not provided in the resources, but general approaches include using tools like curl or wget to test access to /Operator/Search without authentication, or employing network traffic analysis tools (e.g., tcpdump, Wireshark) to monitor for suspicious API calls. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. The suggested immediate step is to replace the affected product with an alternative solution. Since the exploit is public and allows unauthorized access without authentication, restricting network access to the affected system and monitoring for suspicious activity may help reduce risk until a fix or replacement is implemented. [2]