CVE-2025-5893 PUBLISHED

Honding Technology Smart Parking Management System - Exposure of Sensitive Information

Assigner: twcert
Reserved: 09.06.2025 Published: 09.06.2025 Updated: 09.06.2025

Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Honding Technology
Product	Smart Parking Management System
Versions	Default: unaffected affected from 1.0 to 1.4 (incl.)

Solutions

Update to version 1.5 or later

References

Problem Types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE
CWE-256 Plaintext Storage of a Password CWE

Impacts

CAPEC-37 Retrieve Embedded Sensitive Data