PT-2025-53405 · Tozed · Tozed Zlt M30S
S33K3R · Published 2025-12-25 · Updated 2026-01-20 · CVE-2025-15082
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
TOZED ZLT M30s versions up to 1.47
Description
A flaw exists in TOZED ZLT M30s, specifically within the Web Management Interface component. Manipulation of the goformId argument in a request to the /reqproc/proc post file can lead to information disclosure. The attack can be initiated remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond.
Recommendations
Versions up to 1.47 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the /reqproc/proc post file to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Improper Access Control
Related Identifiers
Affected Products
Tozed Zlt M30S