CVE-2025-6117 (EUVD-2025-18389)

Severity: HIGH, CVSS 3.1 base score 7.3
Published: 2025-06-16 ([email protected])

CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector:        Network
Attack Complexity:    Low
Privileges Required:  None
User Interaction:     None
Scope:                Unchanged
Confidentiality:      Low
Integrity:            Low
Availability:         Low

Lifecycle Timeline

Analysis Generated   Mar 14, 2026 - 21:59   vuln.today
EUVD ID Assigned     Mar 14, 2026 - 21:59   euvd (EUVD-2025-18389)
CVE Published        Jun 16, 2025 - 10:15   nvd (HIGH 7.3)

Description (NVD)

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /Reservations/Search of the component API. The manipulation of the argument Value leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI-generated)

SQL injection vulnerability in Das Parking Management System (停车场管理系统) version 6.2.0 affecting the /Reservations/Search API endpoint. An unauthenticated remote attacker can manipulate the 'Value' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or denial of service. Public exploit code is available and the vulnerability may be actively exploited in the wild.

Technical Context (AI-generated)

This vulnerability exists in a web-based parking management system API built with an unknown framework/language. The root cause is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component / 'Injection'), which encompasses SQL injection. The /Reservations/Search endpoint fails to properly sanitize or parameterize the 'Value' input parameter before incorporating it into SQL queries. This is a classic first-order SQL injection vulnerability where user-supplied input is directly concatenated into dynamic SQL statements without using prepared statements or parameterized queries. The API is network-accessible with no authentication required (PR:N in CVSS vector), making this particularly dangerous for internet-exposed instances.
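The following is an added illustration of the defect class described above, not code from Das Parking Management System (whose source, framework and schema are not public). It puts a concatenated query next to a parameterized one and an allowlist check, using an in-memory SQLite table with constructed rows; the table layout, column names, the search value format and the function names are all assumptions made for the example.

```python
import re
import sqlite3

# Constructed stand-in for the application's reservations table. The vendor's
# real schema is not public, so the column names here are assumptions.
SAMPLE_ROWS = [
    ("R-1001", "ZA-123-AB", "alice"),
    ("R-1002", "ZB-456-CD", "bob"),
    ("R-1003", "ZC-789-EF", "carol"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reservations (id TEXT, plate TEXT, owner TEXT)")
    conn.executemany("INSERT INTO reservations VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_search(conn, value):
    """The defect class from the Technical Context: the request parameter is
    spliced into the SQL text, so a quote inside `value` rewrites the WHERE
    clause instead of being compared as data."""
    sql = "SELECT id, plate, owner FROM reservations WHERE plate = '" + value + "'"
    return conn.execute(sql).fetchall()


def parameterized_search(conn, value):
    """Hardened form: the driver binds `value` to the placeholder, so it is
    always treated as a literal and can never change the statement's structure."""
    sql = "SELECT id, plate, owner FROM reservations WHERE plate = ?"
    return conn.execute(sql, (value,)).fetchall()


# Allowlist for the search value: alphanumerics and hyphens, bounded length.
# The real expected format of 'Value' is unknown; this pattern is an assumption.
VALUE_PATTERN = re.compile(r"[A-Za-z0-9-]{1,20}")


def validate_value(value):
    """Reject anything outside the allowlist before it reaches the database."""
    if not isinstance(value, str) or not VALUE_PATTERN.fullmatch(value):
        raise ValueError("Value must be 1-20 alphanumeric or hyphen characters")
    return value


def safe_search(conn, value):
    """Defence in depth: allowlist validation, then a parameterized query."""
    return parameterized_search(conn, validate_value(value))


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # textbook tautology, used only to show the contrast
    print("vulnerable:", len(vulnerable_search(db, probe)), "rows")       # every row
    print("parameterized:", len(parameterized_search(db, probe)), "rows") # no rows
    try:
        safe_search(db, probe)
    except ValueError as exc:
        print("safe_search rejected the input:", exc)
```

The parameterized query alone closes the injection; the allowlist is a second layer that also rejects malformed input early and gives a clean place to log rejected requests.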

Remediation (AI-generated)

Immediate actions:

1. Patch: Upgrade Das Parking Management System to a version released after this CVE disclosure (version information not yet publicly available from vendor); contact Das Parking support directly for security patch availability.
2. Workaround: Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns in the /Reservations/Search endpoint (monitor for SQL keywords like UNION, SELECT, DROP, INSERT in the 'Value' parameter).
3. Network mitigation: Restrict network access to the /Reservations/Search API to authorized networks/VPNs; implement rate limiting and input validation at the reverse proxy layer.
4. Detection: Audit database logs for suspicious SQL queries and enable query logging if not already active.
5. Code fix if patch unavailable: Implement parameterized queries/prepared statements for all SQL operations; use ORM frameworks with built-in SQL injection protections; apply input whitelisting for the 'Value' parameter based on expected formats (alphanumeric, specific delimiters only).

Monitor vendor (Das Parking) official channels and CVE databases for official patches.
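As an added example of the monitoring side of points 2 and 4 (not code from vuln.today or the vendor), the scanner below reads web-server access-log lines, picks out requests to /Reservations/Search, decodes the 'Value' parameter and flags values that fall outside an allowlist and carry SQL keywords or metacharacters. The log lines are constructed for the example, the common log format and the allowlist pattern are assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (common log format); not from any real deployment.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jun/2025:10:20:01 +0000] "GET /Reservations/Search?Value=ZA-123-AB HTTP/1.1" 200 512
203.0.113.10 - - [16/Jun/2025:10:20:05 +0000] "GET /Reservations/Search?Value=%27+OR+%271%27%3D%271 HTTP/1.1" 200 8192
203.0.113.11 - - [16/Jun/2025:10:21:13 +0000] "GET /Reservations/Search?Value=ZB-456-CD+UNION+SELECT+1 HTTP/1.1" 500 214
203.0.113.12 - - [16/Jun/2025:10:22:40 +0000] "GET /Reservations/Search?Value=SELECTION HTTP/1.1" 200 128
198.51.100.7 - - [16/Jun/2025:10:23:00 +0000] "GET /Login HTTP/1.1" 200 900
"""

# client, timestamp, method, request target, status, response size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')

# Keywords named in the remediation guidance, matched on word boundaries.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.IGNORECASE)
SQL_METACHARS = ("'", '"', ";", "--", "/*")

# Assumed expected shape of a legitimate 'Value': alphanumerics and hyphens.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9-]{1,20}")


def suspicious_reasons(value):
    """Return why a decoded 'Value' looks like an injection attempt, or [] if benign.
    Allowlisted tokens are never flagged, which keeps ordinary words such as
    SELECTION from tripping the keyword rule."""
    if ALLOWED_VALUE.fullmatch(value):
        return []
    reasons = []
    if SQL_KEYWORDS.search(value):
        reasons.append("sql-keyword")
    if any(token in value for token in SQL_METACHARS):
        reasons.append("sql-metachar")
    if not reasons:
        reasons.append("outside-allowlist")
    return reasons


def scan_log(text):
    """Yield one finding per suspicious request to /Reservations/Search."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        client, timestamp, method, target, status, size = match.groups()
        parts = urlsplit(target)
        if parts.path.lower() != "/reservations/search":
            continue
        # parse_qs percent-decodes and turns '+' into spaces, so the check
        # runs on what the application would actually see.
        for value in parse_qs(parts.query).get("Value", []):
            reasons = suspicious_reasons(value)
            if reasons:
                findings.append({
                    "client": client,
                    "time": timestamp,
                    "value": value,
                    "status": int(status),
                    "size": int(size),
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Status codes and response sizes are kept in each finding because a 500 on a probe, or an unusually large 200, is the kind of corroborating signal worth correlating with the database query log mentioned in point 4.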


CVE-2025-6117 vulnerability details – vuln.today
