MEDIUM Severity

CVE-2025-5114

Vulnerability in easysoft zentaopms 21.5_20250307

Overview

CVE-2025-5114 is a critical vulnerability in easysoft zentaopms 21.5_20250307. It affects the function Edit of a specific file of the component Committer. Manipulating the argument filePath leads to deserialization.

Technical Details

The affected request is /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit, handled by the component Committer in easysoft zentaopms 21.5_20250307. The filePath value is Base64-encoded; the value shown here decodes to phar:///etc/passwd. The attack can be initiated remotely, with low attack complexity, and requires no user interaction.

CVSS Metrics

  • cvss_score: 6.3
  • severity: MEDIUM
  • attack_vector: NETWORK
  • attack_complexity: LOW
  • privileges_required: LOW

Impact

This vulnerability can potentially impact the confidentiality, integrity, and availability of the system by enabling unauthorized disclosure of information, modification, or disruption of service.

Recommendations

Regularly update and patch your system. Check the vendor's updates regarding this vulnerability. Implement file integrity monitoring and intrusion detection systems to detect and help prevent exploitation.
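
For the intrusion detection recommendation, the check below is an added example (not code from the vendor or from this advisory) that scans web access logs for the request described under Technical Details: it Base64-decodes filePath on m=editor&f=edit requests and reports values that begin with a stream wrapper such as phar://. The combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: combined-format access log; only the query-string form on this page.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A URL-style scheme (phar://, file://, ...) at the start of the decoded path.
WRAPPER_RE = re.compile(r"\s*([a-z][a-z0-9+.-]*)://", re.IGNORECASE)


def decode_file_path(value):
    """Base64-decode a filePath value; None if it is not valid Base64."""
    value = value.replace(" ", "+")          # parse_qs turns '+' into ' '
    value += "=" * (-len(value) % 4)         # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except ValueError:                       # binascii.Error is a ValueError
        return None


def inspect_line(line):
    """Return (scheme, decoded_path) for a wrapper-prefixed filePath, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    query = parse_qs(urlsplit(match.group(1)).query)
    if query.get("m", [""])[-1] != "editor" or query.get("f", [""])[-1] != "edit":
        return None
    for raw in query.get("filePath", []):
        decoded = decode_file_path(raw)
        wrapper = WRAPPER_RE.match(decoded) if decoded else None
        if wrapper:
            return wrapper.group(1).lower(), decoded
    return None


def make_line(file_path_b64):
    # Builds a constructed log line (not real traffic) for the samples below.
    return ('203.0.113.7 - - [01/Jan/2025:00:00:00 +0000] "GET /index.php?m=editor'
            f'&f=edit&filePath={file_path_b64}&action=edit HTTP/1.1" 200 512')


# Constructed samples: the filePath value from this page, then a plain path.
SAMPLE_LOG = [
    make_line("cGhhcjovLy9ldGMvcGFzc3dk"),
    make_line(base64.b64encode(b"module/todo/control.php").decode()),
    '203.0.113.7 - - [01/Jan/2025:00:00:00 +0000] "GET /index.php?m=bug&f=browse HTTP/1.1" 200 90',
]
```

A match marks a request to triage, not confirmed exploitation; requests sent in other URL forms are outside what this check parses.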
