SeriaWei ZKEACMS EventViewerController.cs Download path traversal_CVE-2025-10766

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10766

Source VulDB

Published Sep 21, 2025 at 07:02

Affected Product

Vendor SeriaWei

Product ZKEACMS

Version 4.0

Affected Versions SeriaWei ZKEACMS 4.0
SeriaWei ZKEACMS 4.1
SeriaWei ZKEACMS 4.2
SeriaWei ZKEACMS 4.3

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-21T07:02:05.789Z",
    "modified": "2025-09-21T07:02:05.789Z",
    "type": "cve",
    "title": "SeriaWei ZKEACMS EventViewerController.cs Download path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325121\nhttps://vuldb.com/?ctiid.325121\nhttps://vuldb.com/?submit.650445\nhttps://github.com/August829/YU1/issues/1",
    "id": "CVE-2025-10766",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "SeriaWei ZKEACMS 4.0\nSeriaWei ZKEACMS 4.1\nSeriaWei ZKEACMS 4.2\nSeriaWei ZKEACMS 4.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZKEACMS",
    "version": "4.0",
    "vendor": "SeriaWei",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}