{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41100", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2025-04-16T09:09:37.997Z", "datePublished": "2025-07-21T12:47:37.305Z", "dateUpdated": "2025-07-21T13:06:59.870Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ParkingDoor", "vendor": "ParkingDoor", "versions": [{"status": "affected", "version": "2016.08.11.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Carlos Galean"}], "datePublic": "2025-07-21T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked."}], "value": "Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-07-21T12:47:37.305Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-authentication-parkingdoor"}], "source": {"discovery": "EXTERNAL"}, "title": "Incorrect authentication in ParkingDoor", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-21T13:06:55.258431Z", "id": "CVE-2025-41100", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T13:06:59.870Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41100", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-21T13:06:55.258431Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T13:06:57.204Z"}}], "cna": {"title": "Incorrect authentication in ParkingDoor", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Carlos Galean"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ParkingDoor", "product": "ParkingDoor", "versions": [{"status": "affected", "version": "2016.08.11.1"}], "defaultStatus": "unaffected"}], "datePublic": "2025-07-21T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-authentication-parkingdoor"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked.", "supportingMedia": [{"type": "text/html", "value": "Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-07-21T12:47:37.305Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41100", "state": "PUBLISHED", "dateUpdated": "2025-07-21T13:06:59.870Z", "dateReserved": "2025-04-16T09:09:37.997Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2025-07-21T12:47:37.305Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked."}], "id": "CVE-2025-41100", "lastModified": "2025-07-22T13:06:07.260", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2025-07-21T13:15:26.910", "references": [{"source": "cve-coordination@incibe.es", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-authentication-parkingdoor"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "cve-coordination@incibe.es", "type": "Primary"}]}

{}

{}