CVE-2025-10766

4.3 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in SeriaWei ZKEACMS up to and including version 4.3. By manipulating the ID parameter of the Download function in EventViewerController.cs, an attacker can make the server return arbitrary files that the application's service account can read, rather than only the files the endpoint is meant to serve. Organizations running vulnerable versions of ZKEACMS are affected.

💻 Affected Systems

Products:
  • SeriaWei ZKEACMS
Versions: Up to and including 4.3
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to and including version 4.3 are vulnerable without any configuration change. The vulnerable code is the Download action in EventViewerController.cs, part of the EventViewer module.

📦 What is this software?

ZKEACMS is an open-source content management system built on ASP.NET Core and published by SeriaWei on GitHub; it runs on both Windows and Linux, which is why both appear above. The affected EventViewer module is the part of the CMS whose controller exposes the Download action.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of sensitive files readable by the web server process (e.g., appsettings.json with database connection strings, other configuration files, credentials, source code), with the recovered secrets then used for data theft or further compromise of the server and the systems it connects to.

🟠

Likely Case

Unauthorized read access to configuration data, user information or system files, potentially enabling lateral movement with the credentials found there.

🟢

If Mitigated

Limited impact: with the service account restricted to the directories it actually needs and traversal rejected server-side, an attacker can reach only non-critical files.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to access sensitive files, but requires network access to the vulnerable system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The attack consists of placing directory traversal sequences in the ID parameter of the Download function so that the path the server resolves leaves the intended directory. One caveat on the "unauthenticated" rating above: a CVSS 3.x base score of 4.3 with a confidentiality-only impact is what a vector requiring low privileges (PR:L) produces; the same file read with no privileges and no user interaction would score 5.3. Check the published vector string for this CVE, and whether your deployment exposes the EventViewer module to anonymous users, before treating this as a purely anonymous attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Upgrade to a release later than 4.3 if the vendor publishes one, and apply the workarounds below in the meantime.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all platforms

Implement server-side validation in the Download action so that the ID parameter can only select files inside the intended directory: resolve the joined path to its canonical form and reject the request unless the result is still under that directory. Rejecting the literal strings ../ and ..\ is not enough on its own, because URL-encoded and double-encoded forms bypass such a check.

Add this validation in EventViewerController.cs before the ID value is used to build a file path.
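The following Python is an added illustration of that rule, not ZKEACMS's own code (which is C#) and not taken from the advisory: it places the naive join that produces this bug class next to the canonicalise-then-check resolution the fix needs, and runs both over constructed sample IDs in plain, URL-encoded, backslash and absolute-path forms. Function names, the sample IDs and the base directory are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalRejected(ValueError):
    """Raised when a requested id would resolve outside the allowed root."""


def resolve_vulnerable(base_dir, file_id):
    """The bug class: join the attacker-controlled id onto a base directory
    and use the result with no check that it is still under base_dir.
    A value such as '../../appsettings.json' walks straight out of the root."""
    return os.path.normpath(os.path.join(base_dir, file_id))


def resolve_hardened(base_dir, file_id):
    """Return the canonical absolute path of file_id under base_dir, or raise
    TraversalRejected if the request would leave base_dir."""
    root = Path(base_dir).resolve()
    # Decode once so that %2e%2e%2f is judged on what it means, not how it looks.
    candidate = unquote(file_id)
    if not candidate:
        raise TraversalRejected(file_id)
    # Refuse absolute paths and anything drive- or UNC-like before joining:
    # joining an absolute second component discards base_dir entirely.
    # (Rejecting ':' is deliberately conservative so 'C:\...' cannot pass on Windows.)
    if os.path.isabs(candidate) or candidate.startswith(("/", "\\")) or ":" in candidate:
        raise TraversalRejected(file_id)
    # Treat backslashes as separators as well, so '..\..\x' is normalised
    # the same way on Linux as it would be by a Windows host.
    candidate = candidate.replace("\\", "/")
    resolved = (root / candidate).resolve()
    # The actual defence: after canonicalisation the path must be the root
    # itself or one of its descendants. Internal '..' that stays inside the
    # root (e.g. 'sub/../app.log') is fine; escaping the root is not.
    if resolved != root and root not in resolved.parents:
        raise TraversalRejected(file_id)
    return str(resolved)


def classify(base_dir, file_id):
    """'allowed' or 'rejected' for one request; used by the demo and tests."""
    try:
        resolve_hardened(base_dir, file_id)
        return "allowed"
    except TraversalRejected:
        return "rejected"


# Constructed sample IDs (assumptions for the example): two legitimate values,
# the rest traversal attempts in plain, encoded, backslash and absolute forms.
SAMPLE_IDS = [
    "2025-09-20.log",
    "sub/../app.log",
    "../appsettings.json",
    "..%2F..%2Fappsettings.json",
    "..\\..\\web.config",
    "/etc/passwd",
    "logs/../../appsettings.json",
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
]


def demo(base_dir=""):
    """Classify every sample ID against an assumed log directory."""
    base_dir = base_dir or os.path.join(tempfile.gettempdir(), "zkeacms-eventviewer")
    return {fid: classify(base_dir, fid) for fid in SAMPLE_IDS}


if __name__ == "__main__":
    for fid, verdict in demo().items():
        print(f"{verdict:8} {fid}")
```

The point of the second function is that it never inspects the input for "bad strings": it decides on where the path ends up, so encoding tricks and separator variants that a blocklist misses are handled by construction, while a harmless internal `..` is still accepted.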

Web Application Firewall Rule

Applies to: all platforms

Block requests to the Download endpoint that contain directory traversal patterns in their query string.

WAF rule to block patterns such as ../, ..\, %2e%2e%2f, %2e%2e%5c and the double-encoded %252e%252e%252f. Treat the WAF as a stop-gap: it reduces exposure but does not replace the code fix, because encoding variants the rule does not list will still reach the application.

🧯 If You Can't Patch

  • Restrict the web server's service account so it can read only the directories ZKEACMS needs, not the rest of the application tree, system configuration or other sites' files
  • Implement network segmentation, and limit access to the EventViewer/administration paths to trusted networks, to isolate ZKEACMS from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check the ZKEACMS version. If it is 4.3 or lower the instance is vulnerable; to confirm, send a request to the Download endpoint with traversal sequences in the ID parameter (on a test instance, or with authorization) and see whether a file outside the intended directory is returned.

Check Version:

Check the version of the deployed ZKEACMS assemblies, or the release recorded in web.config or the application settings where your deployment keeps it.

Verify Fix Applied:

Send the same traversal requests in plain, URL-encoded and backslash forms and confirm that the Download function rejects them or returns only files inside the intended directory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in web server logs
  • Requests with ../, ..\ or their URL-encoded forms (%2e%2e%2f, %2e%2e%5c, or the double-encoded %252e%252e%252f) in URL parameters

Network Indicators:

  • HTTP requests to the Download endpoint whose ID parameter contains path traversal sequences; a burst of such requests from one source, including ones that returned 404, indicates file enumeration

SIEM Query:

source="web_logs" AND url="*Download*" AND (param="*../*" OR param="*..\\*" OR param="*%2e%2e%2f*" OR param="*%2e%2e%5c*" OR param="*%252e%252e*")

Match case-insensitively (some clients emit %2E) and, where your SIEM supports it, run the match on the URL-decoded parameter value so that single- and double-encoded forms collapse to the literal sequence.
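As an added example, not part of the advisory and not ZKEACMS code, here is the logic of that query applied in Python to raw access-log lines: the query string is decoded until it stops changing, so %2e%2e%2f and double-encoded %252e%252e%252f are caught alongside literal ../ and ..\. The log lines are constructed samples, and the /EventViewer/Download path and ?ID= parameter are assumptions about the request shape drawn from the advisory's description, not a confirmed route.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common/combined log format prefix: client, identities, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# A '..' path component delimited by either separator (or the end of the value).
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Constructed sample lines, not real traffic. The /EventViewer/Download path
# and ?ID= parameter are assumed for illustration.
SAMPLE_LOGS = [
    '203.0.113.7 - - [20/Sep/2025:10:01:02 +0000] "GET /EventViewer/Download?ID=2025-09-20.log HTTP/1.1" 200 5120',
    '203.0.113.7 - - [20/Sep/2025:10:01:09 +0000] "GET /EventViewer/Download?ID=../../appsettings.json HTTP/1.1" 200 1843',
    '198.51.100.4 - - [20/Sep/2025:10:02:15 +0000] "GET /EventViewer/Download?ID=..%2f..%2fappsettings.json HTTP/1.1" 200 1843',
    '198.51.100.4 - - [20/Sep/2025:10:02:31 +0000] "GET /EventViewer/Download?ID=%252e%252e%252fweb.config HTTP/1.1" 404 0',
    '192.0.2.9 - - [20/Sep/2025:10:03:00 +0000] "GET /EventViewer/Download?ID=..\\..\\web.config HTTP/1.1" 200 921',
    '192.0.2.9 - - [20/Sep/2025:10:04:00 +0000] "GET /Article/Index?id=5 HTTP/1.1" 200 8090',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded %252e%252e%252f is compared as '../' like everything else."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_traversal(lines, endpoint="download"):
    """Return one record per query parameter carrying a traversal sequence on
    a request whose path contains `endpoint` (case-insensitive). Attempts are
    flagged regardless of status code: a 404 still shows intent."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        parts = urlsplit(m.group("target"))
        if endpoint not in parts.path.lower():
            continue
        # parse_qsl decodes one layer of %xx; fully_decode handles the rest.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)
            if TRAVERSAL.search(value):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "param": name, "value": value,
                             "status": m.group("status")})
    return hits


def attempts_by_source(hits):
    """Count flagged requests per client address for triage."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = flag_traversal(SAMPLE_LOGS)
    for h in found:
        print(f'{h["time"]} {h["ip"]} {h["param"]}={h["value"]!r} -> {h["status"]}')
    print(attempts_by_source(found))
```

Decoding before matching is what makes the third and fourth sample lines show up; a literal search for `../` in the raw log would miss both, which is the same gap a pattern-only WAF rule has.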
