CVE-2025-11284
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11284
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zytec dalian_zhuyun_technology_central_authentication_service 3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-255
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11284 is a remote code execution vulnerability in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. It occurs due to the use of a hard-coded password in the Authorization HTTP header within the /index.php/auth/Ops/git component. Attackers can manipulate this Authorization argument to bypass authentication and remotely execute arbitrary commands on the affected system without any prior authentication. [1, 3]

Impact Analysis

This vulnerability allows attackers to remotely execute arbitrary commands on the affected system, potentially leading to unauthorized access, data compromise, and disruption of services. Since the affected component is a central authentication service, exploitation could compromise the entire authentication mechanism of an organization, affecting multiple systems and users. The vulnerability is easy to exploit and publicly disclosed, increasing the risk of attacks. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the path /index.php/auth/Ops/git for suspicious Authorization headers using the hard-coded password. You can look for HTTP requests containing the header Authorization: Basic enl0ZWM6WUdEMHc3bW9FSw==. Additionally, you can attempt to test the vulnerability by sending a crafted POST request similar to the example exploit, for instance using curl: curl -X POST "http://<target>/index.php/auth/Ops/git" \ -H "Authorization: Basic enl0ZWM6WUdEMHc3bW9FSw==" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "cmd=142&cwd=&params[append]=||whoami" If the server executes the command and returns the output, it is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include applying restrictive firewall rules to limit access to the vulnerable endpoint /index.php/auth/Ops/git, especially blocking unauthorized external access. Since the vendor has not provided a patch, restricting network access to trusted IPs or internal networks is critical. Monitoring and blocking HTTP requests containing the hard-coded Authorization header can also help reduce exploitation risk. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11284. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart