CVE-2025-10764

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-10764

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10764.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-10764

Published

2025-09-21T06:15:33.353Z

Modified

2026-04-10T05:20:30.795864Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/seriawei/zkeacms

Affected ranges

Type

GIT

Repo

https://github.com/seriawei/zkeacms

Events

Introduced

Last affected

d4ff093d39804fef59120286b2525d60864b0887

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3"
        }
    ]
}

Affected versions

v1.*

v1.0

v1.2

v3.*

v3.1.3

v3.1.4

v3.1.5

v3.1.7

v3.1.9

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.3

v3.3.1

v3.3.1.0

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.4

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.5

v3.5.1

v3.5.2

v3.5.4

v3.5.5

v3.5.6

v3.6

v3.6.1

v3.6.2

v3.7

v3.8

v3.9

v3.9.1

v3.9.2

v3.9.3

v3.9.4

v4.*

v4.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10764.json"