Login Sign Up

CVE-2025-1847

6.3 MEDIUM
Authentication Bypass

📋 TL;DR

This CVE describes an improper authorization vulnerability in zj1983 zz software up to version 2024-8. Attackers can exploit this remotely to bypass authorization controls and potentially access unauthorized functionality or data. All users running affected versions are vulnerable.

💻 Affected Systems

Products:
  • zj1983 zz
Versions: Up to and including 2024-8
Operating Systems: Unknown - likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Specific affected components are unknown due to limited disclosure details.

📦 What is this software?

Zz by Zframeworks

View all CVEs affecting Zz →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through privilege escalation leading to data theft, system manipulation, or installation of persistent backdoors.

🟠

Likely Case

Unauthorized access to sensitive functionality or data, potentially enabling further lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation and least privilege access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories, making exploitation accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to any version after 2024-8 if available, or implement workarounds.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict network access to affected systems using firewall rules

iptables -A INPUT -p tcp --dport [PORT] -s [TRUSTED_IPS] -j ACCEPT
iptables -A INPUT -p tcp --dport [PORT] -j DROP

Application Layer Filtering

all

Implement WAF rules to detect and block exploitation attempts

🧯 If You Can't Patch

  • Isolate affected systems in a segmented network zone with strict access controls
  • Implement additional authentication and authorization layers before the vulnerable component

🔍 How to Verify

Check if Vulnerable:

Check installed version of zj1983 zz software. If version is 2024-8 or earlier, system is vulnerable.

Check Version:

Check application documentation for version command, typically something like 'zz --version' or check package manager

Verify Fix Applied:

Verify version is newer than 2024-8 or that workaround controls are properly implemented and tested.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts
  • Unexpected privilege escalation events
  • Access to restricted endpoints without proper authentication

Network Indicators:

  • Unusual traffic patterns to application ports
  • Requests bypassing authentication endpoints

SIEM Query:

source="application_logs" AND (event_type="auth_failure" OR event_type="unauthorized_access") AND process="zz"

📊 Metadata

CVE ID: CVE-2025-1847
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266
EPSS Score: 0.18% exploit probability (39.5th percentile)
Published: March 3, 2025
Last Updated: May 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1847, you might also want to check these:

CVE-2026-23800 10.0

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress...

Same vulnerability type (CWE-266)
CVE-2026-23550 10.0

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p...

Same vulnerability type (CWE-266)
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision u...

Same vulnerability type (CWE-266)