CVE-2025-9310

low-risk
Published 2025-08-21

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Carrental

Affected Vendors

Carrental Project

References (5)

Exploit https://github.com/caigo8/CVE-md/blob/main/carRentalV1.0/druid%E6%9C%AA%E6%8E%88...
Permissions Required https://vuldb.com/?ctiid.320915
Third Party Advisory https://vuldb.com/?id.320915
Third Party Advisory https://vuldb.com/?submit.633588
Exploit https://github.com/caigo8/CVE-md/blob/main/carRentalV1.0/druid%E6%9C%AA%E6%8E%88...
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal