CVE-2025-22957

CRITICAL

9.8

Descripcion

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado1/31/2025

Ultima modificacion4/22/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

zzcms:zzcms

Debilidades (CWE)

CWE-89

Referencias

http://www.zzcms.net/(cve@mitre.org)

https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.