CVE-2025-11284

216.73.216.233

· Published 05/10/2025 06:15 · Modified 06/10/2025 14:56

Labels: CVE-2025-11284 2025-10-05 CVE-2025-11284 CWE-255 [email protected]

Essential information

Published: 05/10/2025 06:15
Modified: 06/10/2025 14:56
Author: —
Creator: —
CVSS: 6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
zytec dalian zhuyun technology / central authentication service	`cpe:2.3:a:zytec_dalian_zhuyun_technology:central_authentication_service:3:::::::*`