CVE-2025-11284 | Zytec Dalian Zhuoyun Technology Central Authentication Service 3 HTTP Header /index.php/auth/Ops/git Authorization hard-coded password

A vulnerability, which was classified as critical, has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password.

This vulnerability is documented as CVE-2025-11284. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11284 | Zytec Dalian Zhuoyun Technology Central Authentication Service 3 HTTP Header /index.php/auth/Ops/git Authorization hard-coded password

Post correlati

CVE-2024-10921 | MongoDB Server up to 5.0.29/6.0.18/7.0.14/8.0.3 BSON Requests null byte or nul character

CVE-2024-5410 | ORing IAP-420 up to 2.01e Web Interface cross site scripting

CVE-2024-3645 | Essential Addons for Elementor Pro Plugin up to 5.8.11 on WordPress title_html_tag cross site scripting

CVE-2024-42452 | Veeam Backup & Replication up to 12.2 unrestricted upload (kb4693)