CVE-2025-10471 | ZKEACMS 4.3 MediaController.cs Proxy url server-side request forgery

Inserito da Angelo Barbosa | Set 15, 2025 | CVE

A vulnerability classified as critical has been found in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery.

This vulnerability is cataloged as CVE-2025-10471. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-10471 | ZKEACMS 4.3 MediaController.cs Proxy url server-side request forgery

Post correlati

CVE-2025-1377 | GNU elfutils 0.192 eu-strip strip.c gelf_getsymshndx denial of service (Bug 32673)

CVE-2024-29232 | Synology Surveillance Station prior 9.2.0-9289/9.2.0-11289 WebAPI Alert.Enum sql injection (SA_24_04)

CVE-2024-44556 | Tenda AX1806 1.0.0.1 setIptvInfo stballvlans stack-based overflow

CVE-2024-30299 | Adobe Framemaker Publishing Server up to 2020.3/2022.2 improper authentication (apsb24-38)