PT-2025-40780 · Seriawei · Zkeacms

Yu Bao · Published 2025-10-04 · Updated 2025-10-04 · CVE-2025-11272

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SeriaWei ZKEACMS versions up to 4.3

Description

A flaw exists in the Delete function within the src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs file of the POST Request Handler component. This issue results in improper authorization, potentially allowing for remote exploitation. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not provide a response.

Recommendations

Versions prior to 4.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment


Weakness Enumeration

Related Identifiers

CVE-2025-11272

Affected Products

Zkeacms