VYPR
Medium severity6.3NVD Advisory· Published Sep 15, 2025· Updated Apr 29, 2026

CVE-2025-10471

CVE-2025-10471

Description

A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Affected products

2
  • Zkea/Zkeacms2 versions
    cpe:2.3:a:zkea:zkeacms:4.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:zkea:zkeacms:4.3:*:*:*:*:*:*:*
    • (no CPE)range: = 4.3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.