CVE-2025-15131

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-15131

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15131.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-15131

Published

2025-12-28T10:15:41.110Z

Modified

2026-03-14T01:48:35.631966Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.0.0440024"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15131.json"