Description
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.
References
- Product, Broken Link
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 13.6.07 (inclusive)
cpe:2.3:a:zwiicms:zwiicms:*:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.00238
Low
8.3 High
CVSS3
8.8 High
CVSS3
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 8.3
github
3 months ago
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.