CVE-2025-10764

6.3 MEDIUM

📋 TL;DR

This vulnerability in SeriaWei ZKEACMS allows attackers to perform server-side request forgery (SSRF) attacks by manipulating the Data argument in the Edit function of the PendingTaskController. Attackers can force the server to make unauthorized requests to internal or external systems. This affects all users of ZKEACMS up to version 4.3.

💻 Affected Systems

Products:
  • SeriaWei ZKEACMS
Versions: Up to and including version 4.3
Operating Systems: Any OS running ZKEACMS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Event Action System component specifically. All installations with the vulnerable component are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, or pivot to other systems within the network.

🟠 Likely Case

Unauthorized access to internal HTTP services, potential data leakage from internal APIs or services.

🟢 If Mitigated

Limited to accessing only allowed external resources if proper network segmentation and egress filtering are in place.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and the exploit is publicly available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to pivot within the network, but requires access to the vulnerable system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires some level of access to the Edit function, but specific authentication requirements are not detailed in the CVE description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to any version beyond 4.3 if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

Implement strict validation of the Data parameter to reject URLs or restrict to allowed domains only.

Implement server-side validation in PendingTaskController.cs to validate and sanitize the Data parameter before processing.
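As an added example of the destination check this workaround calls for (not ZKEACMS code, and written in Python rather than the project's C#): the request parameter is accepted only if it is an http/https URL to an allowlisted host, and IP literals in loopback, private and link-local ranges are refused outright. The allowlisted hosts and the function names are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: the only hosts this server may fetch from.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}

# Ranges that must never be reachable through a user-supplied URL.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",      # loopback
    "10.0.0.0/8",       # RFC 1918 private ranges
    "172.16.0.0/12",
    "192.168.0.0/16",
    "169.254.0.0/16",   # link-local, incl. cloud metadata endpoints
    "::1/128",          # IPv6 loopback
    "fc00::/7",         # IPv6 unique local
    "fe80::/10",        # IPv6 link-local
)]


def is_blocked_ip(host: str) -> bool:
    """True if host is an IP literal inside a blocked range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; handled by the allowlist
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_data_url(data: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a URL from a request parameter.
    Only http/https to an allowlisted host, without embedded credentials,
    passes; the allowlist also covers hostnames pointing at internal IPs.
    """
    try:
        parts = urlsplit(data.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    if is_blocked_ip(host):
        return False, f"internal address: {host}"
    if host not in ALLOWED_HOSTS:
        return False, f"host not allowlisted: {host}"
    return True, "ok"
```

Because the check does no DNS resolution, the allowlist, not the IP range list, is what keeps out hostnames that resolve to internal addresses; keep it short and exact-match.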

Network Egress Filtering

Restrict outbound HTTP/HTTPS requests from the ZKEACMS server to only necessary external services.

Configure firewall rules to limit outbound connections from the ZKEACMS server to approved destinations only.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SSRF patterns in requests to the PendingTaskController.
  • Isolate the ZKEACMS server in a restricted network segment with limited outbound access.

🔍 How to Verify

Check if Vulnerable:

Check whether the ZKEACMS version is 4.3 or earlier by examining the application version in the admin panel or in the configuration files.

Check Version:

Check web.config or application settings for version information, or look at the admin dashboard.

Verify Fix Applied:

Test the Edit function with SSRF payloads to confirm they are blocked or properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the ZKEACMS server to internal IP addresses or unexpected domains
  • Multiple failed attempts to access the PendingTaskController Edit endpoint

Network Indicators:

  • HTTP requests from ZKEACMS server to internal services that shouldn't be accessed
  • Outbound connections to unusual ports or IP ranges

SIEM Query:

source="ZKEACMS" AND (url CONTAINS "PendingTaskController/Edit" OR dest_ip IN [internal_ranges])
