CVE-2025-22957

CRITICAL

9.8

Description

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/31/2025

Last Modified4/22/2025

Sourcenvd

Honeypot Sightings0

Affected Products

zzcms:zzcms

Weaknesses (CWE)

CWE-89

References

http://www.zzcms.net/(cve@mitre.org)

https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.