Unrated severityNVD Advisory· Published Dec 25, 2025· Updated Dec 26, 2025

TOZED ZLT M30s Web Management proc_post information disclosure

CVE-2025-15082

Description

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Tozed/Zlt M30sv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

youtu.be/u_H29UdiPOcmitreexploitmedia-coverage
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.hacklab.eu.org/blogs/zlt_m30s_information_disclosuremitrerelated

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000