PT-2025-53647 · Zspace · Zspace Z4Pro+

Lx-66-Lx · Published 2025-12-28 · Updated 2025-12-28 · CVE-2025-15132

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ZSPACE Z4Pro+ version 1.0.0440024

Description

A flaw exists in ZSPACE Z4Pro+ that allows for command injection. The issue is located within the zfilev2 api open function, accessible through the /v2/file/safe/open endpoint of the HTTP POST Request Handler component. This manipulation can be initiated remotely, and details of the exploit have been publicly disclosed.

Recommendations

Apply updates to address the issue in the zfilev2 api open function. As a temporary workaround, consider restricting access to the /v2/file/safe/open API endpoint until a patch is available.

Exploit

Fix

Weakness Enumeration

Special Elements Injection

Command Injection

Related Identifiers

CVE-2025-15132

Affected Products

Zspace Z4Pro+