CVE-2025-15132

Medium CVSS: 5.3

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

Vendor

Zspace

Product

Z4pro\+ Firmware

CWE

CWE-74

Yayın Tarihi

2025-12-28 11:15:40

Güncelleme

2026-01-07 21:42:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Z4pro\+ Firmware MEDIUM Zspace 2025

Referanslar

https://github.com/LX-66-LX/cve/issues/2 https://vuldb.com/?ctiid.338510 https://vuldb.com/?id.338510 https://vuldb.com/?submit.713885

Benzer Kayıtlar

Medium

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB dri…

Medium

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe…

Medium

CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/…

High

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function…

High

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.O…

High

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of th…