CVE-2025-10398 MEDIUM

CVE-2025-10398: fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload

Vendor Fcba_Zzm

Product ics-park Smart Park Management System

Weakness CWE-434 · Unrestricted file upload

Published September 14, 2025

Last update September 15, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Key dates

Disclosure timeline

September 14, 2025 CVE published

September 15, 2025 Record updated