216.73.217.24

CVE-2025-34467

· Published 31/12/2025 19:15 · Modified 31/12/2025 20:42

Labels: CVE-2025-34467 2025-12-31CVE-2025-34467CWE-667[email protected]

Essential information

Published
31/12/2025 19:15
Modified
31/12/2025 20:42
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zwii / zwii cms cpe:2.3:a:zwii:zwii_cms:<13.7.00:*:*:*:*:*:*:*

References