CVE-2025-15133

Name of the Vulnerable Software and Affected Versions ZSPACE Z4Pro+ version 1.0.0440024

Description A command injection issue exists in ZSPACE Z4Pro+. The affected component is the HTTP POST Request Handler, specifically within the zfilev2 api CloseSafe function located in the file /v2/file/safe/close. Manipulation of this function can lead to remote command injection. The exploit is publicly available.

Recommendations Versions prior to 1.0.0440024 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.