CVE-2025-2388

Severity: Medium
Published: 17 March 2025
Modified: 15 April 2026
CVSS v4.0 score: 6.9 (Medium), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
EPSS score: 0.0021 (43.7th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2388 is an Improper Authentication (CWE-287) vulnerability in the API of Keytop 路内停车收费系统 (on-street parking fee collection system) version 2.7.1. Its CVSS v4.0 base score is 6.9 (Medium); the CVSS v3.1 score attached to the same disclosure is 7.3 (High), and VulDB's own severity label for the entry is "critical", so the rating depends on which scale a reader uses.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score of 0.0021 (roughly a 0.2% estimated probability of exploitation in the next 30 days) places it at the 43.7th percentile, below the median, and it is not currently listed in the CISA KEV catalog, although VulDB reports that a public exploit exists.

The mitigations this analysis ranks strongest are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).

Deeper analysis

CVE-2025-2388 is an improper authentication vulnerability (CWE-287) in Keytop 路内停车收费系统 (on-street parking fee collection system) version 2.7.1, rated "critical" by VulDB. The issue lies in an unidentified function of the API component reached through the endpoint /saas/commonApi/park/getParks. Published on 2025-03-17, it carries a CVSS v3.1 base score of 7.3 (High; AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) alongside the CVSS v4.0 score of 6.9 (Medium) shown above.

The vector means a remote attacker needs no privileges, no user interaction and only low attack complexity: manipulating a request to the affected endpoint bypasses authentication, with low (limited) impact on confidentiality, integrity and availability and no change of scope (S:U), so the damage is confined to the vulnerable component. The advisory does not state which element of the request is manipulated, so defenders should treat any successful unauthenticated response from that endpoint as a finding rather than waiting for exploit details.

Advisories and additional details, including the publicly disclosed exploit, are available in the VulDB entries (https://vuldb.com/?ctiid.299887, https://vuldb.com/?id.299887, https://vuldb.com/?submit.516710) and the GitHub wiki (https://github.com/K-mxredo/MXdocument/wiki). The exploit has been disclosed to the public and may be used.

Vulnerability details

A vulnerability was found in Keytop 路内停车收费系统 (on-street parking fee collection system) 2.7.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saas/commonApi/park/getParks of the component API. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

CWE-287 Improper Authentication

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes an improper authentication vulnerability (CWE-287) in a publicly accessible API endpoint (/saas/commonApi/park/getParks) that allows remote attackers to bypass authentication with no privileges or user interaction. This directly enables initial access by exploiting a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
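Because the bypass is unauthenticated and the endpoint is public-facing, the trace a successful T1190 attempt leaves is a 2xx response to /saas/commonApi/park/getParks from an untrusted source with no authenticated user recorded. The following hunt over reverse-proxy access logs is an added example, not code from the VulDB advisory or from Keytop; it assumes combined-format logs, placeholder trusted source ranges, and the constructed sample lines embedded below.

```python
"""Hunt access logs for unauthenticated successes against the CVE-2025-2388 endpoint.

Added example, not part of the advisory or the vendor's code. Assumptions: the API
sits behind a proxy writing the common/combined log format, the 'user' field is
populated only for authenticated sessions, and TRUSTED_NETS are placeholders.
"""
import ipaddress
import re
from collections import Counter

VULN_PATH = "/saas/commonApi/park/getParks"   # endpoint named in CVE-2025-2388

# Hypothetical: networks from which operator/integration traffic is expected.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Combined log format: ip - user [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Mar/2025:10:01:02 +0000] "GET /saas/commonApi/park/getParks?parkId=1 HTTP/1.1" 200 812 "-" "python-requests/2.31"
203.0.113.7 - - [20/Mar/2025:10:01:03 +0000] "GET /saas/commonApi/park/getParks?parkId=2 HTTP/1.1" 200 790 "-" "python-requests/2.31"
10.20.3.4 - ops [20/Mar/2025:10:02:10 +0000] "GET /saas/commonApi/park/getParks HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [20/Mar/2025:10:03:44 +0000] "GET /saas/commonApi/park/getParks HTTP/1.1" 401 0 "-" "curl/8.4"
203.0.113.7 - - [20/Mar/2025:10:05:00 +0000] "GET /saas/index.html HTTP/1.1" 200 120 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]   # match on the path, ignore query string
    return rec


def is_trusted(ip):
    """True when the client address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious_hits(log_text):
    """Return (findings, probes_by_ip).

    A finding is a 2xx response on VULN_PATH to an untrusted client with no
    authenticated user logged: the footprint of a working authentication bypass.
    Non-2xx responses from untrusted clients are counted as probes, not flagged.
    """
    findings = []
    probes = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != VULN_PATH:
            continue
        if is_trusted(rec["ip"]) or rec["user"] != "-":
            continue
        if 200 <= rec["status"] < 300:
            findings.append(rec)
        else:
            probes[rec["ip"]] += 1
    return findings, probes


if __name__ == "__main__":
    hits, probe_counts = find_suspicious_hits(SAMPLE_LOG)
    for h in hits:
        print(f"FINDING {h['time']} {h['ip']} {h['method']} {h['path']} -> {h['status']} ua={h['ua']}")
    for ip, n in probe_counts.items():
        print(f"probe   {ip} x{n}")
```

On the sample data the two 200 responses to 203.0.113.7 are flagged and the 401 from 198.51.100.9 is counted as a probe; the internal "ops" request is ignored. If your proxy does not log an authenticated user, drop the `user` check and rely on source and status alone, accepting more noise.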

CVEs Like This One

CVE-2025-71279 (shared CWE-287)
CVE-2024-13804 (shared CWE-287)
CVE-2024-57046 (shared CWE-287)
CVE-2026-1203 (shared CWE-287)
CVE-2026-1740 (shared CWE-287)
CVE-2025-43995 (shared CWE-287)
CVE-2026-7876 (shared CWE-287)
CVE-2025-0637 (shared CWE-287)
CVE-2025-61882 (shared CWE-287)
CVE-2026-0589 (shared CWE-287)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Enforces approved authorizations for access to the API endpoint, directly preventing unauthorized manipulation that bypasses authentication.

IA-8 Identification and Authentication (Non-organizational Users) (prevent)
Requires unique identification and authentication for non-organizational users or services accessing the remote SaaS API, mitigating the improper authentication vulnerability.

Input validation (prevent)
Validates inputs to the /saas/commonApi/park/getParks endpoint to block manipulative requests that exploit the authentication bypass. This is a secondary control here: since the manipulated request element is not published, validation inside the handler cannot substitute for an authentication check that runs before the handler is reached.
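The three controls above reduce to one design rule: identity is established and authorization enforced before any route handler runs, and handlers only then validate their own parameters. The following is an added example, not Keytop's code and not a description of the real /saas/commonApi/park/getParks implementation; the framework-free dispatcher, the HMAC demo token, the `parkId` parameter and the sample park records are all assumptions. It shows the weak pattern (routing reaches the handler with no identity check) beside the hardened, deny-by-default form.

```python
"""Deny-by-default authentication gate in front of a SaaS API route.

Added example, not the vendor's code. Assumptions: a minimal dispatcher in place of
a web framework, an HMAC-signed demo bearer token in place of real OAuth/JWT
issuance, and a numeric parkId query parameter with constructed sample data.
"""
import hashlib
import hmac
import re

VULN_PATH = "/saas/commonApi/park/getParks"
SERVER_KEY = b"example-only-rotate-me"      # assumption: shared secret for demo tokens
PARK_ID_RE = re.compile(r"^[0-9]{1,10}$")   # input validation rule for parkId

# Constructed sample data.
PARKS = {"1": {"id": "1", "name": "North Lot"}, "2": {"id": "2", "name": "South Lot"}}


def issue_token(subject):
    """Demo bearer token 'subject.hexmac' (assumption; real systems use OAuth/JWT)."""
    mac = hmac.new(SERVER_KEY, subject.encode(), hashlib.sha256).hexdigest()
    return f"{subject}.{mac}"


def verify_token(token):
    """Return the subject for a valid token, else None. Constant-time MAC compare."""
    if not token or "." not in token:
        return None
    subject, mac = token.rsplit(".", 1)
    expected = hmac.new(SERVER_KEY, subject.encode(), hashlib.sha256).hexdigest()
    try:
        return subject if hmac.compare_digest(mac, expected) else None
    except TypeError:          # non-ASCII garbage in the MAC part
        return None


def get_parks_handler(query, subject):
    """Business logic only; 'subject' is where tenant scoping would be applied."""
    park_id = query.get("parkId")
    if park_id is None:
        return 200, list(PARKS.values())
    if not PARK_ID_RE.match(park_id):       # reject anything but a short digit string
        return 400, {"error": "invalid parkId"}
    park = PARKS.get(park_id)
    return (200, [park]) if park else (404, {"error": "not found"})


# Weak pattern (the class of bug CWE-287 describes): the route is wired straight to
# the handler, so whoever can reach the path gets the data.
def dispatch_vulnerable(path, headers, query):
    if path == VULN_PATH:
        return get_parks_handler(query, subject=None)
    return 404, {"error": "no route"}


# Hardened pattern: every path is private unless explicitly listed as public
# (AC-3), callers must present a verifiable identity (IA-8), and only then does
# the handler validate its inputs.
PUBLIC_PATHS = {"/saas/health"}


def dispatch_hardened(path, headers, query):
    subject = None
    if path not in PUBLIC_PATHS:
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        subject = verify_token(token) if scheme == "Bearer" else None
        if subject is None:
            return 401, {"error": "authentication required"}
    if path == VULN_PATH:
        return get_parks_handler(query, subject)
    if path == "/saas/health":
        return 200, {"ok": True}
    return 404, {"error": "no route"}


if __name__ == "__main__":
    print("vulnerable, no token :", dispatch_vulnerable(VULN_PATH, {}, {"parkId": "1"}))
    print("hardened, no token   :", dispatch_hardened(VULN_PATH, {}, {"parkId": "1"}))
    good = {"Authorization": "Bearer " + issue_token("integrator-7")}
    print("hardened, valid token:", dispatch_hardened(VULN_PATH, good, {"parkId": "2"}))
    print("hardened, bad parkId :", dispatch_hardened(VULN_PATH, good, {"parkId": "1 OR 1=1"}))
```

The point of the structure is that `get_parks_handler` never sees an unauthenticated request in the hardened dispatcher, whatever the request contains, so the unpublished "manipulation" in the advisory has no handler logic to reach; in the vulnerable dispatcher the same handler answers anyone. Unknown routes also return 401 before 404, which avoids leaking which paths exist to unauthenticated scanners.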
