CVE-2025-15133 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/close zfilev2_api_CloseSafe command injection

Inserito da Angelo Barbosa | Dic 27, 2025 | CVE

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024 and classified as critical. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection.

This vulnerability is referenced as CVE-2025-15133. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2025-15133 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/close zfilev2_api_CloseSafe command injection

Post correlati

CVE-2024-11961 | Guangzhou Huayi Intelligent Technology Jeewms 3.7 WmOmNoticeHController.java preHandle request information disclosure

CVE-2024-2072 | SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer cross site scripting

CVE-2024-5580 | Allegra loadFieldMatch deserialization (ZDI-24-1163)

CVE-2024-45195 | Apache OFBiz up to 18.12.15 Controller View direct request