SecBoard
Zurück zur CVE-Übersicht

CVE-2025-57130

HIGH(8.3)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Risk Signal Score21/100 — NIEDRIG
  • CVSS 8.3 — Hoch

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

8.3

Technische Schwere

Beschreibung

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.

Referenzen