PT-2025-9268 · Zj1983 Zz · Zj1983 Zz

Redpomelo · Published 2025-03-03 · Updated 2025-05-26 · CVE-2025-1848

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

zj1983 zz versions up to 2024-8

Description

A critical vulnerability has been found in the affected software. It affects an unknown function of the file /import data check, where manipulation of the url argument leads to server-side request forgery (SSRF). The issue can be exploited remotely. The exploit has been disclosed publicly; the vendor was contacted but did not respond.

Recommendations

For zj1983 zz versions up to 2024-8, as a temporary workaround, consider restricting access to the /import data check file and limiting manipulation of the url argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-1848

Affected Products

Zj1983 Zz