CVE-2025-11272
📋 TL;DR
This vulnerability in SeriaWei ZKEACMS allows unauthorized deletion of URL redirection entries through improper authorization in the POST request handler. Remote attackers can exploit this to disrupt website functionality by removing important redirects. All users running ZKEACMS up to version 4.3 are affected.
💻 Affected Systems
- SeriaWei ZKEACMS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete all URL redirection rules, breaking website navigation and causing service disruption for legitimate users.
Likely Case
Selective deletion of important redirects leading to broken links and degraded user experience.
If Mitigated
Minimal impact with proper network segmentation and authentication controls in place.
🎯 Exploit Status
Exploit details are publicly available in GitHub issues; requires some authentication but authorization bypass allows exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider upgrading to any version above 4.3 if available, or implement workarounds.
🔧 Temporary Workarounds
Disable URL Redirection Module
Temporarily disable the vulnerable URL redirection component to prevent exploitation.
Modify application configuration to disable ZKEACMS.Redirection module
Implement Web Application Firewall Rules
Block POST requests to the vulnerable endpoint /UrlRedirectionController/Delete.
WAF rule: Block POST requests matching pattern *UrlRedirectionController/Delete*
🧯 If You Can't Patch
- Implement strict network access controls to limit access to the ZKEACMS administration interface
- Enable detailed logging for all URL redirection operations and monitor for unauthorized deletion attempts
🔍 How to Verify
Check if Vulnerable:
Check if running ZKEACMS version 4.3 or earlier and if the URL redirection module is enabled.
Check Version:
Check ZKEACMS version in application configuration or admin panel
Verify Fix Applied:
Verify that POST requests to /UrlRedirectionController/Delete are properly authenticated and authorized, or that the module is disabled.
📡 Detection & Monitoring
Log Indicators:
- Multiple redirection deletions performed by accounts that lack the required authorization
- Failed authorization attempts followed by successful redirection deletions
Network Indicators:
- POST requests to /UrlRedirectionController/Delete endpoint
- Unusual patterns of redirection rule modifications
SIEM Query:
source="zkeacms" AND (uri="/UrlRedirectionController/Delete" OR action="delete_redirection") AND user NOT IN [authorized_admin_users]
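The two log indicators and the SIEM query above can be checked offline against application or reverse-proxy access logs. The script below is an added example written for this page, not part of the advisory or of ZKEACMS; it assumes a simple space-separated line format (timestamp, user, method, path, status) and a constructed set of sample lines, and it flags (a) successful POSTs to /UrlRedirectionController/Delete by any account outside an assumed authorized-admin set and (b) accounts that were first denied (401/403) on that endpoint and later succeeded there.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Endpoint named in the advisory.
DELETE_PATH = "/UrlRedirectionController/Delete"

# Assumed: the accounts allowed to delete redirection rules in this deployment.
AUTHORIZED_ADMINS: Set[str] = {"admin"}

# Constructed sample log lines (not real ZKEACMS output). Assumed format:
# "<timestamp> <user> <method> <path> <status>"
SAMPLE_LOG = """\
2025-10-06T09:12:01Z admin POST /UrlRedirectionController/Delete 200
2025-10-06T09:15:44Z editor GET /UrlRedirectionController/Index 200
2025-10-06T09:16:02Z editor POST /UrlRedirectionController/Delete 403
2025-10-06T09:16:09Z editor POST /UrlRedirectionController/Delete 200
2025-10-06T09:16:11Z editor POST /UrlRedirectionController/Delete 200
2025-10-06T09:20:30Z anonymous POST /UrlRedirectionController/Delete 200
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


@dataclass(frozen=True)
class Event:
    timestamp: str
    user: str
    method: str
    path: str
    status: int


def parse_log(text: str) -> List[Event]:
    """Parse the assumed line format; lines that do not match are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, method, path, status = m.groups()
        events.append(Event(ts, user, method.upper(), path, int(status)))
    return events


def is_delete_request(ev: Event) -> bool:
    # Case-insensitive path match, since ASP.NET Core routing is case-insensitive.
    return ev.method == "POST" and ev.path.lower() == DELETE_PATH.lower()


def unauthorized_deletions(events: List[Event],
                           authorized: Set[str] = AUTHORIZED_ADMINS) -> List[Event]:
    """Successful (2xx) deletions by anyone outside the authorized set:
    the advisory's 'user NOT IN [authorized_admin_users]' condition."""
    return [ev for ev in events
            if is_delete_request(ev)
            and 200 <= ev.status < 300
            and ev.user not in authorized]


def bypass_sequences(events: List[Event]) -> List[str]:
    """Users denied (401/403) on the delete endpoint who later got a 2xx there:
    the 'failed authorization followed by successful deletion' indicator."""
    denied: Set[str] = set()
    flagged: List[str] = []
    for ev in events:
        if not is_delete_request(ev):
            continue
        if ev.status in (401, 403):
            denied.add(ev.user)
        elif 200 <= ev.status < 300 and ev.user in denied and ev.user not in flagged:
            flagged.append(ev.user)
    return flagged


def summarize(log_text: str) -> dict:
    """Run both checks over a log and return a compact summary for triage."""
    events = parse_log(log_text)
    bad = unauthorized_deletions(events)
    return {
        "unauthorized_deletions": len(bad),
        "offending_users": sorted({ev.user for ev in bad}),
        "bypass_users": bypass_sequences(events),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample the admin's own deletion is not flagged, while the editor account (denied once, then two successful deletions) and the unauthenticated request are both reported. Adapt LINE_RE and AUTHORIZED_ADMINS to the real log format and role model before running this against production logs.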