CVE-2025-64427 | Follow the latest news from the world of technology and security-related developments.

High CVSS: 7.1

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or private network ranges). This allows the attacker to interact with internal HTTP/HTTPS services that are not intended to be exposed externally or to local users. No known patch is publicly available.
Vendor: Zimaspace
Product: Zimaos
CWE: CWE-200
Published: 2026-03-02 17:16:28
Updated: 2026-03-05 15:18:14
Source Identifier: security-advisories@github.com
KEV Date Added: -
