Missing Authorization in Smart Parking Management System by Honding Technology
CVE-2025-5894

8.7HIGH

Key Information:

Vendor: Honding Technology
Status: Smart Parking Management System
Vendor: CVE Published:; 9 June 2025

🔔 Create Honding Technology Vulnerability Alert

What is CVE-2025-5894?

The Smart Parking Management System from Honding Technology has a vulnerability that allows remote attackers, even with regular user privileges, to exploit weaknesses in the authorization process. This oversight enables unauthorized individuals to create administrator accounts. By leveraging this flaw, attackers can gain elevated access and potentially compromise the entire system by logging in with newly created administrative credentials.

Affected Version(s)

Smart Parking Management System 1.0 <= 1.4

References

https://www.twcert.org.tw/tw/cp-132-10170-e2435-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10171-44c0a-2.html

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Jun 9, 2025