ZenTao File control.php delete privileges management_CVE-2025-13787

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 21.7.7 is sufficient to fix this issue. You should upgrade the affected component.

Basic Information

ID CVE-2025-13787

Source VulDB

Published Nov 30, 2025 at 10:32

Affected Product

Vendor n/a

Product ZenTao

Version 21.7.6-8564

Affected Versions n/a ZenTao 21.7.6-8564

CWE Classification

CWE-269 CWE-266

References

{
    "lastseen": "",
    "description": "A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 21.7.7 is sufficient to fix this issue. You should upgrade the affected component.",
    "published": "2025-11-30T10:32:08.651Z",
    "modified": "2025-11-30T10:32:08.651Z",
    "type": "cve",
    "title": "ZenTao File control.php delete privileges management",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.333791\nhttps://vuldb.com/?ctiid.333791\nhttps://vuldb.com/?submit.689892\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/1\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/1#issuecomment-3540423868\nhttps://www.zentao.net/extension-buyext-1601-download.html",
    "id": "CVE-2025-13787",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "n/a ZenTao 21.7.6-8564",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZenTao",
    "version": "21.7.6-8564",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}