CVE-2025-14837
CVE-2025-14837 is a low-severity vulnerability rated 2/10 on the CVSS scale. A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zzcms | Zzcms | 2025 |
References
- https://note-hxlab.wetolink.com/share/ekNgcv2wVBya (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.336987 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.336987 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.711655 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
