CVE-2025-11272 | SeriaWei ZKEACMS up to 4.3 POST Request UrlRedirectionController.cs Delete improper authorization

A vulnerability was found in SeriaWei ZKEACMS up to 4.3. It has been rated as critical. This affects the function Delete of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs of the component POST Request Handler. The manipulation leads to improper authorization.

This vulnerability is referenced as CVE-2025-11272. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11272 | SeriaWei ZKEACMS up to 4.3 POST Request UrlRedirectionController.cs Delete improper authorization

Post correlati

CVE-2023-39179 | Linux Kernel ksmbd out-of-bounds

CVE-2023-27584 | dragonflyoss Dragonfly up to 2.0.8 hard-coded key (GHSA-hpc8-7wpm-889w)

CVE-2025-10712 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 20250831 /index.php/Login/login Username sql injection

CVE-2024-43331 | VeronaLabs WP SMS Plugin up to 6.9.3 on WordPress authorization