CVE-2025-13787

5.4 MEDIUM

📋 TL;DR

ZenTao's file handler does not correctly enforce privileges on its file deletion operation (improper privilege management). A remote attacker can trigger deletion of files they are not authorized to remove. ZenTao up to and including version 21.7.6-8564 is affected.

💻 Affected Systems

Products:
  • ZenTao
Versions: Up to 21.7.6-8564
Operating Systems: All platforms running ZenTao
Default Config Vulnerable: ⚠️ Yes
Notes: All ZenTao installations up to and including 21.7.6-8564 are vulnerable in the default configuration; no non-default setting is required.

📦 What is this software?

ZenTao is an open-source project management and application lifecycle management (ALM) web application written in PHP. The file handler is the module that stores and removes files attached to its records.
⚠️ Risk & Real-World Impact

🔴 Worst Case: Deletion of any file the ZenTao web server process has permission to remove, including application files, leading to service disruption and loss of data that cannot be recovered without backups.

🟠 Likely Case: Deletion of application or uploaded files the attacker is not authorized to remove, causing loss of functionality or data integrity issues.

🟢 If Mitigated: Minimal impact where network access to ZenTao is restricted, the web server process holds only the file permissions it needs, and deleted files can be restored from backup.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows remote exploitation without authentication and with low complexity, so it is relatively easy to exploit. Note the MEDIUM (5.4) base score, however: the primitive is file deletion, so the realistic outcome is data loss and service disruption rather than control of the host.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.7.7

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Back up your ZenTao installation and database.
2. Download ZenTao version 21.7.7 or later from official sources.
3. Follow the official ZenTao upgrade documentation.
4. Restart the ZenTao service after the upgrade.

🔧 Temporary Workarounds

Restrict network access (applies to: all platforms)
  • Limit access to ZenTao to trusted networks only
  • Use firewall rules to restrict access to the ports ZenTao is served on

Implement WAF rules (applies to: all platforms)
  • Block or rate-limit requests to the file deletion endpoint from untrusted sources
  • Configure the WAF to alert on bursts of deletion requests from a single client and on fileID values that are not ordinary numeric identifiers

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ZenTao from untrusted networks
  • Enable detailed logging and monitoring for file deletion operations
  • Keep tested backups of the ZenTao installation, its uploaded files and its database, so that files removed through this flaw can be restored

🔍 How to Verify

Check if Vulnerable:

Check ZenTao version in admin panel or via version file in installation directory

Check Version:

Check /path/to/zentaopms/VERSION file or admin panel

Verify Fix Applied:

Verify version is 21.7.7 or higher after upgrade
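An added example, not code from this page or from the ZenTao project: a small Python check that reads the VERSION file (assumed to contain a single version string in the form this page shows, e.g. 21.7.6-8564, with the part after the hyphen treated as a build number) and compares it with the fix version this page lists. The file path is the page's own placeholder.

```python
import re

# Fix version as listed on this page (the page cites no vendor advisory for it).
FIXED_VERSION = (21, 7, 7)


def parse_version(text):
    """Turn '21.7.6-8564' or '21.7.7' into a (major, minor, patch) tuple.

    Anything after a hyphen is treated as a build number and ignored. This is an
    ASSUMPTION about ZenTao's version format based on the string this page shows.
    """
    core = text.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(?:\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in core.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the installed version is older than the fix version."""
    return parse_version(version_text) < fixed


def check_version_file(path="/path/to/zentaopms/VERSION"):
    """Read the VERSION file (assumed to hold one version string) and report."""
    with open(path, encoding="utf-8") as fh:
        return is_vulnerable(fh.read())


if __name__ == "__main__":
    import sys

    path = sys.argv[1] if len(sys.argv) > 1 else "/path/to/zentaopms/VERSION"
    print("VULNERABLE" if check_version_file(path) else "patched")
```

Run it with the real path to your VERSION file as the first argument; a build suffix such as -8564 does not affect the comparison.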

📡 Detection & Monitoring

Log Indicators:

  • Multiple file deletion requests from single IP
  • File deletion requests with unusual fileID parameters
  • Failed file deletion attempts with error messages

Network Indicators:

  • HTTP requests to file deletion endpoints with manipulated parameters
  • Unusual traffic patterns to file handler components

SIEM Query:

source="zentaopms" AND (uri="*/file/delete*" OR (method="POST" AND uri="*/file/*"))

The query does not filter on status=200: failed attempts (4xx/5xx) are an indicator in their own right and must not be dropped. The second branch (any POST under /file/) is broad and will also match other file-module operations; narrow it to the deletion action once you have confirmed the URL form your deployment uses.
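An added example, not code from this page or from the ZenTao project, that applies the log indicators above to a handful of constructed access-log lines: it picks out deletion requests, then flags bursts from one client, fileID values that are not plain numeric identifiers, and failed attempts. The /file/delete URL form comes from the page's SIEM query; the file-delete-<id>.html and index.php?m=file&f=delete&fileID= forms are assumptions about ZenTao's URL routing and should be checked against your deployment. The thresholds are arbitrary starting points.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx "combined" format; not captured traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /zentao/file-delete-101.html HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /zentao/file-delete-102.html HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.5 - - [10/Jan/2025:10:00:03 +0000] "GET /zentao/file-delete-103.html HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.5 - - [10/Jan/2025:10:00:04 +0000] "GET /zentao/index.php?m=file&f=delete&fileID=104 HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.5 - - [10/Jan/2025:10:00:05 +0000] "GET /zentao/index.php?m=file&f=delete&fileID=..%2F..%2Fconfig HTTP/1.1" 200 512 "-" "curl/8.4"
198.51.100.7 - - [10/Jan/2025:10:05:00 +0000] "POST /zentao/file/delete/200 HTTP/1.1" 403 128 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:06:00 +0000] "GET /zentao/task-view-77.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def delete_request(target):
    """Return (True, fileID) if the request targets the file deletion handler, else (False, None).

    "/file/delete" is the form used in the page's SIEM query. The other two forms
    (file-delete-<id>.html and index.php?m=file&f=delete&fileID=) are ASSUMED
    ZenTao routing styles; confirm them against your own deployment.
    """
    parts = urlsplit(target)
    m = re.search(r"/file-delete-([^/]+?)(?:\.html)?$", parts.path)
    if m:
        return True, m.group(1)
    m = re.search(r"/file/delete(?:/([^/]*))?/?$", parts.path)
    if m:
        return True, m.group(1)
    qs = parse_qs(parts.query)
    if qs.get("m") == ["file"] and qs.get("f") == ["delete"]:
        return True, (qs.get("fileID") or [None])[0]
    return False, None


def analyze(log_text, window_seconds=60, burst_threshold=5):
    """Apply the page's three log indicators; thresholds are arbitrary starting points."""
    alerts = {"burst": [], "unusual_id": [], "failed": []}
    times_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        is_delete, file_id = delete_request(m["target"])
        if not is_delete:
            continue
        ip, status = m["ip"], int(m["status"])
        times_by_ip[ip].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
        # Indicator: fileID that is missing or not a plain numeric identifier.
        if file_id is None or not file_id.isdigit():
            alerts["unusual_id"].append((ip, file_id))
        # Indicator: deletion attempt rejected or errored by the server.
        if status >= 400:
            alerts["failed"].append((ip, status))
    # Indicator: many deletion requests from one client inside a sliding window.
    for ip, times in times_by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= burst_threshold:
                alerts["burst"].append(ip)
                break
    return alerts


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

Feed it your web server's access log instead of SAMPLE_LOG; the same three checks map directly onto SIEM rules once the deletion URL form for your installation is confirmed.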

🔗 References
