CVE-2025-15133

Medium CVSS: 5.3

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

Vendor

Zspace

Product

Z4pro\+ Firmware

CWE

CWE-74

Yayın Tarihi

2025-12-28 11:15:41

Güncelleme

2026-01-07 21:38:13

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Z4pro\+ Firmware MEDIUM Zspace 2025

Referanslar

https://github.com/LX-66-LX/cve/issues/3 https://vuldb.com/?ctiid.338511 https://vuldb.com/?id.338511 https://vuldb.com/?submit.713887

Benzer Kayıtlar

Medium

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB dri…

Medium

CVE-2025-15132

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of th…

Medium

CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/…

High

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function…

High

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.O…

High

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of th…