CVE-2025-6116

EUVD-2025-18383 | Severity: HIGH | CVSS 3.1 base score: 7.3
Published: 2025-06-16

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: Low (C:L)
Integrity: Low (I:L)
Availability: Low (A:L)

Lifecycle Timeline

Mar 14, 2026 21:59 - Analysis generated (vuln.today)
Mar 14, 2026 21:59 - EUVD ID assigned (euvd): EUVD-2025-18383
Jun 16, 2025 10:15 - CVE published (nvd): HIGH 7.3

Description (NVD)

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFieldVehicle/Search of the component API. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI)

SQL injection in Das Parking Management System (停车场管理系统) 6.2.0, reachable through the /IntraFieldVehicle/Search endpoint of the API component. The NVD description calls the issue critical, but the NVD CVSS 3.1 vector scores it 7.3 (HIGH): an unauthenticated remote attacker, with no user interaction, can manipulate the Value argument to alter the SQL query the endpoint runs, and the vector rates the resulting impact on confidentiality, integrity and availability as Low (unauthorized read, modification or deletion of data reachable by the application's database account). A public exploit has been disclosed, so the bug should be treated as exploitable today rather than theoretical.

Technical Context (AI)

The weakness is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection'), the parent class of SQL injection. Das Parking Management System is a vehicle parking facility management application; its API component exposes a search operation at /IntraFieldVehicle/Search. According to the description, the Value argument of that endpoint is not neutralized before it reaches the SQL layer, so an attacker-controlled string is interpreted as part of the query rather than as data. The public record does not include the affected code, so the exact query shape and database engine are not known; the behaviour described is consistent with dynamic SQL assembled by string concatenation instead of a prepared statement with bound parameters. The vector also bounds the documented effect: Scope is Unchanged and all three impacts are Low, so what is established is access to data reachable through the vulnerable query, not host or session compromise.

Remediation (AI)

1. Immediate: disable or restrict network access to the /IntraFieldVehicle/Search endpoint (for example, limit it to trusted internal addresses or place authentication in front of it) until a fix is deployed.
2. Patch: upgrade Das Parking Management System to a version later than 6.2.0 in which the vendor has addressed the issue. The available data does not name a fixed version; confirm it with the vendor or the official advisory rather than assuming the next release contains the fix.
3. Interim mitigation: add Web Application Firewall rules that inspect the Value argument for SQL injection patterns (UNION, SELECT, OR 1=1, comment sequences such as -- and /**/). Treat this as a stopgap only: pattern filters are routinely bypassed with encoding, case changes and alternative syntax, and they do not correct the underlying query.
4. Input validation: where the application code can be changed, validate Value against a strict allowlist of the characters and length a legitimate search term can have, and reject anything else before it reaches the database.
5. Query construction: the durable fix is to pass Value as a bound parameter of a prepared statement instead of concatenating it into the SQL string; allowlisting is defence in depth, not a substitute.
6. Database hardening: run the application with a database account limited to the tables and operations the search needs (no DDL, and no write access if the endpoint only reads), and enable database query logging so attempts against this endpoint can be audited and fed into detection.
7. Vendor contact: ask the vendor for the official patch release timeline and security advisory details.
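The following is an added illustration of the failure pattern described under Technical Context and of remediation steps 4 and 5; it is not code from Das Parking Management System, whose source, schema and database engine are not published on this page. The vehicles table, the plate-number column, the allowlist pattern and the query shape are all assumptions, and the tautology payload is the generic textbook one, constructed here for the demonstration. It runs against an in-memory SQLite database so it can be executed offline.

```python
import re
import sqlite3

# Constructed sample data for a hypothetical 'vehicles' table. The real
# schema and column names of the affected product are not known; this is
# purely an assumption for illustration.
ROWS = [
    ("AB-1234", "Zhang", "A1"),
    ("CD-5678", "Li", "B2"),
    ("EF-9012", "Wang", "C3"),
]


def make_db():
    """Build an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vehicles (plate TEXT, owner TEXT, space TEXT)")
    conn.executemany("INSERT INTO vehicles VALUES (?, ?, ?)", ROWS)
    return conn


def search_vulnerable(conn, value):
    """CWE-74 pattern: the Value argument is concatenated straight into SQL,
    so a quote character in it changes the structure of the query."""
    sql = f"SELECT plate, owner, space FROM vehicles WHERE plate = '{value}'"
    return conn.execute(sql).fetchall()


def search_bound_only(conn, value):
    """Remediation step 5 alone: the value is bound as a parameter, so the
    driver hands it to the engine as data and it can never become SQL syntax."""
    sql = "SELECT plate, owner, space FROM vehicles WHERE plate = ?"
    return conn.execute(sql, (value,)).fetchall()


# Remediation step 4: allowlist for a plate lookup (assumed format: letters,
# digits and hyphen, bounded length). Adjust to the real field's grammar.
PLATE_RE = re.compile(r"^[A-Za-z0-9-]{1,16}$")


def search_hardened(conn, value):
    """Steps 4 and 5 together: reject anything outside the allowlist before
    the database is touched, then bind the value as a parameter."""
    if not PLATE_RE.fullmatch(value):
        raise ValueError("Value rejected by allowlist")
    return search_bound_only(conn, value)


def demo():
    """Run each variant against a benign plate and a tautology payload and
    return the outcomes so they can be compared."""
    conn = make_db()
    benign = "AB-1234"
    # Generic tautology payload. sqlite3.execute() runs one statement, so the
    # effect shown is data exposure (every row), not stacked statements.
    tautology = "' OR '1'='1"
    results = {
        "vuln_benign": search_vulnerable(conn, benign),
        "vuln_tautology": search_vulnerable(conn, tautology),
        "bound_only_tautology": search_bound_only(conn, tautology),
        "hard_benign": search_hardened(conn, benign),
    }
    try:
        search_hardened(conn, tautology)
        results["hard_tautology"] = "accepted"
    except ValueError:
        results["hard_tautology"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The vulnerable variant returns the single matching row for the benign plate but every row for the tautology, which is the data-exposure outcome the CVSS vector's Low confidentiality impact describes. Binding the parameter on its own already defeats the payload (the engine looks for a plate literally named `' OR '1'='1` and finds none); the allowlist in front of it rejects the request before any query runs and gives the application a clean place to log the attempt.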


CVE-2025-6116 vulnerability details – vuln.today
