CVE-2025-9843
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-10-20
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| das | parking_management_system | 6.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9843 is an information disclosure vulnerability in Das Parking Management System version 6.2.0. It affects an unknown function in the file /Operator/FindAll, where the system's API lacks proper access controls. This allows unauthenticated remote attackers to access sensitive operator data without authorization, exposing confidential information. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive user or operator data, compromising confidentiality. Attackers can remotely exploit this flaw without authentication, potentially gaining access to private information. There is no impact on system integrity or availability, but the exposure of sensitive data poses a critical security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing access to the /Operator/FindAll API endpoint of Das Parking Management System version 6.2.0. Since the vulnerability allows unauthenticated remote access to sensitive data, you can send an HTTP request to this endpoint without authentication and observe whether sensitive information is returned. For example, using curl:

```
curl -v http://<target-ip-or-domain>/Operator/FindAll
```

If the response contains sensitive operator data without requiring authentication, the system is vulnerable. Additionally, network monitoring tools can be used to detect unusual or unauthorized access attempts to this endpoint. [1, 2]
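The network-monitoring side of the answer above, as an added example that is not part of this page or of the vendor's product: it scans web server access logs (combined log format) for successful responses to /Operator/FindAll from sources outside a trusted network. The log lines are constructed samples, and the trusted management network (10.10.0.0/16) is an assumption to adjust for your environment.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample lines in Apache/nginx "combined" log format; not real traffic.
SAMPLE_LOG = """\
10.10.0.5 - - [03/Sep/2025:10:00:01 +0000] "GET /Operator/FindAll HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.42 - - [03/Sep/2025:10:02:17 +0000] "GET /Operator/FindAll HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.42 - - [03/Sep/2025:10:02:19 +0000] "GET /Operator/FindAll?page=2 HTTP/1.1" 200 4890 "-" "curl/8.4.0"
198.51.100.7 - - [03/Sep/2025:10:05:00 +0000] "GET /Operator/FindAll HTTP/1.1" 403 312 "-" "python-requests/2.32"
203.0.113.42 - - [03/Sep/2025:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.4.0"
"""

# Assumed: the management network from which operator lookups are legitimate.
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Endpoint named in the advisory; compared without its query string.
SENSITIVE_PATH = "/Operator/FindAll"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"'
)


def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious_hits(log_text: str) -> List[Dict[str, str]]:
    """Return 2xx responses for /Operator/FindAll served to untrusted source IPs.

    A 2xx to an untrusted client means data left the system; 401/403 responses
    are still probes but are not counted as disclosure here.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # line not in combined format; skip rather than guess
        path = m.group("path").split("?", 1)[0]
        status = int(m.group("status"))
        if path == SENSITIVE_PATH and 200 <= status < 300 and not is_trusted(m.group("ip")):
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "path": m.group("path"),
                             "status": m.group("status"), "ua": m.group("ua")})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_hits(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['status']} {f['path']} ({f['ua']})")
```

Point the script at the real access log of the host serving the application; any hit it reports should be treated as a probable disclosure and cross-checked against the stored operator records.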
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /Operator/FindAll API endpoint by implementing proper authentication and authorization controls to prevent unauthenticated access. If possible, apply any available patches or updates from the vendor. Since no known countermeasures currently exist and the vulnerability cannot be easily fixed, it is recommended to replace the affected product with an alternative solution that does not have this vulnerability. Additionally, monitor network traffic for suspicious activity targeting this endpoint and consider blocking access from untrusted networks. [2]