CVE-2025-22957

CRITICAL

9.8

Description

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/31/2025

Derniere modification4/22/2025

Sourcenvd

Observations honeypot0

Produits affectes

zzcms:zzcms

Faiblesses (CWE)

CWE-89

References

http://www.zzcms.net/(cve@mitre.org)

https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.