CVE-2025-10398

Summary

A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Affected Software

VendorProductVersion RangeStatus
fcba_zzmics-park Smart Park Management System2.0affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References