Unrated severityNVD Advisory· Published Nov 5, 2025· Updated Nov 5, 2025

CVE-2025-57130

Description

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.

Affected products

ZwiiCMS/ZwiiCMSdescription
ZwiiCMS/ZwiiCMSllm-fuzzy
Range: <=13.6.07

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

zwiicms.commitre
blog.nivel4.com/noticias/cve-2025-57130-especialistas-de-nivel4-identifican-falla-de-alta-severidad-en-gestor-de-contenidosmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000