A vulnerability labeled as critical has been found in SeriaWei ZKEACMS up to 4.3. This affects the function
Edit
of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery.
This vulnerability is listed as CVE-2025-10764. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.