Severity: HIGH (Score: 8.3/10)

Vulnerability Summary

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.

Technical Analysis

  • CVE ID: CVE-2025-57130
  • Published: 2025-11-05T16:15:40.203
  • Status: Active

How to Fix & Protect

The primary mitigation is to update the affected software immediately. Check the vendor's official security advisory for the latest patch.

Mitigation: If a patch is not available, restrict network access to the vulnerable component or disable the service.
