CVE-2025-64074

Name of the Vulnerable Software and Affected Versions Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27

Description A path-traversal flaw exists in the logout functionality. This allows remote attackers to delete arbitrary files on the system by providing a specially crafted session cookie value. The vulnerability is present in the way the system handles file paths during the logout process.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the logout functionality to minimize the risk of exploitation.