SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10764

Source VulDB

Published Sep 21, 2025 at 05:32

Affected Product

Vendor SeriaWei

Product ZKEACMS

Version 4.0

Affected Versions SeriaWei ZKEACMS 4.0
SeriaWei ZKEACMS 4.1
SeriaWei ZKEACMS 4.2
SeriaWei ZKEACMS 4.3

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-21T05:32:05.806Z",
    "modified": "2025-09-21T05:32:05.806Z",
    "type": "cve",
    "title": "SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325119\nhttps://vuldb.com/?ctiid.325119\nhttps://vuldb.com/?submit.647629\nhttps://github.com/August829/Yu/blob/main/58ead8e7e08bfb021.md",
    "id": "CVE-2025-10764",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "SeriaWei ZKEACMS 4.0\nSeriaWei ZKEACMS 4.1\nSeriaWei ZKEACMS 4.2\nSeriaWei ZKEACMS 4.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZKEACMS",
    "version": "4.0",
    "vendor": "SeriaWei",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery_CVE-2025-10764