CVE-2025-13789

Sažetak

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.

Reference

https://github.com/ez-lbz/ez-lbz.github.io/issues/2
https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issue-3598317459
https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issuecomment-3540247346
https://vuldb.com/?ctiid.333793
https://vuldb.com/?id.333793
https://vuldb.com/?submit.690728
https://www.zentao.net/extension-viewext-6.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

01-12-2025 - 15:39

Objavljeno

30-11-2025 - 14:16