CVE-2025-14836

Summary

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Affected Software

VendorProductVersion RangeStatus
n/aZZCMS2025affected

Weaknesses

  • CWE-313: Cleartext Storage in a File or on Disk
  • CWE-312: Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References