PT-2025-48389 · Zentao · Zentao
Ez-Lbz · Published 2025-11-30 · Updated 2025-12-26 · CVE-2025-13787
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ZenTao versions up to 21.7.6-8564
Description
A flaw exists in ZenTao related to improper privilege management. The issue is located in the file::delete function within the module/file/control.php file of the File Handler component. Manipulation of the fileID argument can lead to this issue, and it is possible to launch an attack remotely.
Recommendations
Upgrade to version 21.7.7 to resolve the issue.
Exploit
Fix
LPE
Improper Privilege Management
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Zentao