CVE-2025-10394 MEDIUM

CVE-2025-10394: fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection

Vendor Fcba_Zzm

Product ics-park Smart Park Management System

Weakness CWE-94 · Code injection

Published September 14, 2025

Last update September 15, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.java of the component Scheduled Task Module. Such manipulation leads to code injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

September 14, 2025 CVE published

September 15, 2025 Record updated