CVE-2025-34467

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-34467
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34467.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34467
Published
2025-12-31T19:15:43.753Z
Modified
2026-03-12T20:21:10.252601Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated.

References

Affected packages

Git / github.com/fredtempez/zwiicms

Affected ranges

Type
GIT
Repo
https://github.com/fredtempez/zwiicms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ae8f67ad1400f7aba99e44316173aa3a6e8995ee
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.7.00"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34467.json"