CVE-2025-15131 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/status zfilev2_api_SafeStatus command injection

Inserito da Angelo Barbosa | Dic 27, 2025 | CVE

A vulnerability, which was classified as critical, was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection.

This vulnerability was named CVE-2025-15131. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2025-15131 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/status zfilev2_api_SafeStatus command injection

Post correlati

CVE-2023-49956 | Dalmann OCPP.Core up to 1.2.x StopTransaction Message random values

CVE-2024-35643 | Xabier Miranda WP Back Button Plugin up to 1.1.3 on WordPress cross site scripting

CVE-2025-46559 | misskey up to 2025.2.1 Mk:api path traversal

CVE-2024-9030 | CodeCanyon CRMGo SaaS 7.2 /deal/{note_id}/note notes cross site scripting