CVE-2025-57130

Name of the Vulnerable Software and Affected Versions ZwiiCMS versions prior to 13.6.07

Description An incorrect access control issue exists in the user management component. A remote, authenticated attacker with low privileges can escalate their privileges by sending a specially crafted HTTP request. This allows them to access and modify the profile data of any user, including administrators.

Recommendations Update to a version newer than 13.6.07.