PT-2025-54429 · Zwiicms · Zwiicms

Matías Schiappacasse · Published 2025-12-31 · Updated 2026-02-02 · CVE-2025-34467

CVSS v4.0: 5.3 Medium
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: ZwiiCMS versions prior to 13.7.00

Description: The software contains a denial-of-service issue in several administrative areas, caused by incorrect authorization checks and improper resource handling. A user with limited access can request an administrative page, which should result in a "404 Not Found" error. However, the application acquires a temporary lock on the requested resource and binds it to the attacker's session before checking whether the user is authorized. This lock prevents other users, including administrators, from accessing the affected features until the attacker leaves the page or their session ends. Multiple administrative endpoints are affected.

Recommendations: Update to version 13.7.00 or later.
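
The ordering flaw in the description, reduced to a minimal model (an added example, not ZwiiCMS code and not part of the advisory). The lock table, page names, session ids and status strings are constructed; the model contrasts taking the lock before the authorization check with checking first.

```python
# Added model of the lock-before-authorization ordering; not ZwiiCMS code.
# Page names, session ids and status strings are constructed for illustration.
from dataclasses import dataclass, field

ADMIN_PAGES = {"config", "user", "theme"}  # hypothetical admin-only resources

@dataclass
class Session:
    sid: str
    is_admin: bool = False

@dataclass
class LockTable:
    owners: dict = field(default_factory=dict)  # resource -> owning session id

    def acquire(self, resource: str, sid: str) -> bool:
        """Take the lock if it is free or already ours; report whether we hold it."""
        return self.owners.setdefault(resource, sid) == sid

    def release_session(self, sid: str) -> None:
        """Drop every lock a session holds (page left or session ended)."""
        self.owners = {r: s for r, s in self.owners.items() if s != sid}

def authorized(session: Session, resource: str) -> bool:
    return session.is_admin or resource not in ADMIN_PAGES

def handle_vulnerable(locks: LockTable, session: Session, resource: str) -> str:
    # Flawed order: the lock is bound to the session before the access check.
    if not locks.acquire(resource, session.sid):
        return "423 locked by another user"
    if not authorized(session, resource):
        return "404 Not Found"  # the lock stays held by this session
    return "200 OK"

def handle_fixed(locks: LockTable, session: Session, resource: str) -> str:
    # Corrected order: reject first, so a rejected request never changes state.
    if not authorized(session, resource):
        return "404 Not Found"
    if not locks.acquire(resource, session.sid):
        return "423 locked by another user"
    return "200 OK"

def scenario(handler) -> tuple:
    """Low-privilege request, admin request, then admin again after release."""
    locks, low, admin = LockTable(), Session("s-low"), Session("s-admin", True)
    first = handler(locks, low, "user")
    blocked = handler(locks, admin, "user")
    locks.release_session(low.sid)
    return first, blocked, handler(locks, admin, "user")
```

In the flawed ordering the rejected request still returns 404, so the response alone does not reveal that a lock was left behind; the lock table does.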

Fix · DoS · Incorrect Authorization · Improper Locking

Weakness Enumeration

Related Identifiers: CVE-2025-34467

Affected Products: Zwiicms