Login Sign Up

CVE-2025-14836

2.7 LOW

📋 TL;DR

This vulnerability in ZZCMS 2025 allows attackers to store user data in cleartext on disk through the /reg/user_save.php file. Remote exploitation is possible, potentially exposing sensitive information. All users of ZZCMS 2025 with the vulnerable component are affected.

💻 Affected Systems

Products:
  • ZZCMS
Versions: 2025 version
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the User Data Storage Module via /reg/user_save.php

📦 What is this software?

Zzcms by Zzcms

View all CVEs affecting Zzcms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive user data (potentially including passwords, personal information) stored in cleartext files accessible to attackers, leading to data breaches and credential theft.

🟠

Likely Case

Exposure of user registration data stored in cleartext files that could be accessed through directory traversal or improper file permissions.

🟢

If Mitigated

Limited exposure if proper file system permissions restrict access and data is minimal or non-sensitive.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been published according to references, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: No

Instructions:

No official patch available. Monitor vendor channels for updates.

🔧 Temporary Workarounds

Restrict access to /reg/user_save.php

all

Block or restrict access to the vulnerable file using web server configuration or firewall rules.

# Apache: Add to .htaccess
<Files "user_save.php">
    Order Deny,Allow
    Deny from all
</Files>
# Nginx: Add to server block
location ~ /reg/user_save\.php$ {
    deny all;
}

Implement proper file permissions

linux

Ensure files created by the application have restrictive permissions and are stored outside web root.

# Set restrictive permissions on data directories
chmod 600 /path/to/data/files/*
# Move data files outside web root
mv /var/www/html/reg/data /secure/location/

🧯 If You Can't Patch

  • Implement network segmentation to isolate ZZCMS systems from sensitive networks.
  • Deploy file integrity monitoring to detect unauthorized access to data files.

🔍 How to Verify

Check if Vulnerable:

Check if /reg/user_save.php exists and creates files with cleartext data. Test by submitting user registration data and examining created files.

Check Version:

Check ZZCMS version in admin panel or configuration files.

Verify Fix Applied:

Verify that user data is no longer stored in cleartext files or that access to vulnerable files is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /reg/user_save.php
  • File creation/modification events in data directories

Network Indicators:

  • HTTP requests to /reg/user_save.php with POST data
  • Unusual outbound data transfers

SIEM Query:

source="web_logs" AND (uri="/reg/user_save.php" OR uri LIKE "%/reg/user_save%")

📊 Metadata

CVE ID: CVE-2025-14836
CVSS v3 Score: 2.7 (LOW)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-312
EPSS Score: 0.01% exploit probability (2.2th percentile)
Published: December 17, 2025
Last Updated: December 30, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14836, you might also want to check these:

CVE-2022-43757 9.9

CVE-2022-43757 is a cleartext storage vulnerability in SUSE Rancher that allows users on managed clu...

Same vulnerability type (CWE-312)
CVE-2021-29954 9.8

This vulnerability in Hubs Cloud's Reticulum software allowed attackers to use the proxy functionali...

Same vulnerability type (CWE-312)
CVE-2022-26148 9.8

This vulnerability exposes Zabbix account passwords in Grafana's HTML source code when integrated wi...

Same vulnerability type (CWE-312)