CVE-2025-4556: ZONG YU Okcat Parking Management Platform - Arbitrary File Upload

9.8 CVSS

Description

The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Classification

CVE ID: CVE-2025-4556

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products

Vendor: ZONG YU

Product: Okcat Parking Management Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.25% (probability of being exploited)

EPSS Percentile: 48.52% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-07 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4556
https://www.twcert.org.tw/tw/cp-132-10110-114f0-1.html
https://www.twcert.org.tw/en/cp-139-10111-b78e6-2.html

Timeline