CVE-2025-11284
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11284, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-05

Last updated on: 2026-04-29

Assigner: VulDB

Description

A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-05
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2025-10-05
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zytec dalian_zhuyun_technology_central_authentication_service 3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-255
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-11284 is a remote code execution vulnerability in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. It occurs due to the use of a hard-coded password in the Authorization HTTP header within the /index.php/auth/Ops/git component. Attackers can manipulate this Authorization argument to bypass authentication and remotely execute arbitrary commands on the affected system without any prior authentication. [1, 3]

Impact Analysis

This vulnerability allows attackers to remotely execute arbitrary commands on the affected system, potentially leading to unauthorized access, data compromise, and disruption of services. Since the affected component is a central authentication service, exploitation could compromise the entire authentication mechanism of an organization, affecting multiple systems and users. The vulnerability is easy to exploit and publicly disclosed, increasing the risk of attacks. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the path /index.php/auth/Ops/git for suspicious Authorization headers using the hard-coded password. You can look for HTTP requests containing the header Authorization: Basic enl0ZWM6WUdEMHc3bW9FSw==. Additionally, you can attempt to test the vulnerability by sending a crafted POST request similar to the example exploit, for instance using curl: curl -X POST "http://<target>/index.php/auth/Ops/git" \ -H "Authorization: Basic enl0ZWM6WUdEMHc3bW9FSw==" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "cmd=142&cwd=&params[append]=||whoami" If the server executes the command and returns the output, it is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include applying restrictive firewall rules to limit access to the vulnerable endpoint /index.php/auth/Ops/git, especially blocking unauthorized external access. Since the vendor has not provided a patch, restricting network access to trusted IPs or internal networks is critical. Monitoring and blocking HTTP requests containing the hard-coded Authorization header can also help reduce exploitation risk. [3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11284. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart