Zytec Dalian Zhuoyun Technology Central Authentication Service widget

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-12266

Source VulDB

Published Oct 27, 2025 at 11:02

Modified Oct 27, 2025 at 12:10

Affected Product

Vendor Zytec Dalian Zhuoyun Technology

Product Central Authentication Service

Version 20251009

Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service 20251009

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-27T11:02:10.635Z",
    "modified": "2025-10-27T12:10:15.962Z",
    "type": "cve",
    "title": "Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329938\nhttps://vuldb.com/?ctiid.329938\nhttps://vuldb.com/?submit.671721\nhttp://101.200.76.102:38765/qwertyuiop/Vuldb/Zytec.html",
    "id": "CVE-2025-12266",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Zytec Dalian Zhuoyun Technology Central Authentication Service 20251009",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Central Authentication Service",
    "version": "20251009",
    "vendor": "Zytec Dalian Zhuoyun Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection_CVE-2025-12266