ZenTao model.php makeRequest server-side request forgery_CVE-2025-13789

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.

Basic Information

ID CVE-2025-13789

Source VulDB

Published Nov 30, 2025 at 13:32

Affected Product

Vendor n/a

Product ZenTao

Version 21.7.6-8564

Affected Versions n/a ZenTao 21.7.6-8564

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.",
    "published": "2025-11-30T13:32:16.964Z",
    "modified": "2025-11-30T13:32:16.964Z",
    "type": "cve",
    "title": "ZenTao model.php makeRequest server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.333793\nhttps://vuldb.com/?ctiid.333793\nhttps://vuldb.com/?submit.690728\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/2\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/2#issuecomment-3540247346\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/2#issue-3598317459\nhttps://www.zentao.net/extension-viewext-6.html",
    "id": "CVE-2025-13789",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "n/a ZenTao 21.7.6-8564",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZenTao",
    "version": "21.7.6-8564",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}