CVE-2025-66315

Summary

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.

Affected Software

VendorProductVersion RangeStatus
ZTEMF258KZTE_MF258kPRO_PLAY_V1.0.0B03affected
ZTEMF258KZTE_MF258PRO_STD_V1.0.0B04affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References