CVE-2025-13787

medium

Description

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 21.7.7 is sufficient to fix this issue. You should upgrade the affected component.

References

Advisories
More

https://vuldb.com/?submit.689892

https://vuldb.com/?id.333791

https://www.zentao.net/extension-buyext-1601-download.html

https://vuldb.com/?ctiid.333791

https://github.com/ez-lbz/ez-lbz.github.io/issues/1#issuecomment-3540423868

https://github.com/ez-lbz/ez-lbz.github.io/issues/1

Details

Source: Mitre, NVD

Published: 2025-11-30

Updated: 2025-12-04

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00043