CVE-2025-13789 | ZenTao up to 21.7.6-8564 module/ai/model.php makeRequest Base server-side request forgery

Inserito da Angelo Barbosa | Nov 29, 2025 | CVE

A vulnerability was found in ZenTao up to 21.7.6-8564 and classified as critical. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery.

This vulnerability is reported as CVE-2025-13789. The attack can be launched remotely. Moreover, an exploit is present.

It is suggested to upgrade the affected component.

CVE-2025-13789 | ZenTao up to 21.7.6-8564 module/ai/model.php makeRequest Base server-side request forgery

Post correlati

CVE-2025-24788 | snowflakedb snowflake-connector-net up to 4.2.0 on Linux/macOS default permission (GHSA-2mqw-rq5m-8hc8)

CVE-2024-48191 | dingfanzu CMS 1.0 doAdminAction.php?act=delAdmin&id=17 cross-site request forgery

CVE-2024-6111 | itsourcecode Pool of Bethesda Online Reservation System 1.0 login.php email sql injection

CVE-2025-4541 | LmxCMS 1.41 POST Request ZtAction.class.php manageZt sortid sql injection