CVE-2025-11284 | Zytec Dalian Zhuoyun Technology Central Authentication Service 3 HTTP Header /index.php/auth/Ops/git Authorization hard-coded password

A vulnerability, which was classified as critical, has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password.

This vulnerability is documented as CVE-2025-11284. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11284 | Zytec Dalian Zhuoyun Technology Central Authentication Service 3 HTTP Header /index.php/auth/Ops/git Authorization hard-coded password

Post correlati

CVE-2018-9377 | Google Android up to 8.1 IAudioPolicyService.cpp onTransact information disclosure

CVE-2024-44094 | Google Android code/drm_fw.c ppmp_protect_mfcfw_buf memory corruption

CVE-2025-29617 | Piciorgros TMO-100 up to 4.19 TFTP Service missing authentication

CVE-2024-21651 | XWiki xwiki-platform-distribution-war Attachment denial of service