CVE-2025-15132 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/open zfilev2_api_open command injection

Inserito da Angelo Barbosa | Dic 27, 2025 | CVE

A vulnerability has been found in ZSPACE Z4Pro+ 1.0.0440024 and classified as critical. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection.

The identification of this vulnerability is CVE-2025-15132. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure.

CVE-2025-15132 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/open zfilev2_api_open command injection

Post correlati

CVE-2025-23273 | NVIDIA CUDA Toolkit/nvJPEG JPEG File divide by zero

CVE-2024-43657 | Iocharger 24120701/25010801 action.exe os command injection (DIVD-2024-00035)

CVE-2025-25331 | Beitatong LianJia 9.83.50 on iOS Link information disclosure

CVE-2025-61087 | SourceCodester Codester Pet Grooming Management Software 1.0 Customer Management Section Customer Name cross site scripting