CVE-2025-13787
BaseFortify
Publication date: 2025-11-30
Last updated on: 2025-12-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zentao | zentao | to 21.7.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the ZenTao software up to version 21.7.6-8564, specifically in the file deletion function of the File Handler component. By manipulating the fileID argument, an attacker can exploit improper privilege management, potentially allowing unauthorized actions. The attack can be performed remotely. Upgrading to version 21.7.7 fixes this issue.
How can this vulnerability impact me? :
The vulnerability can lead to improper privilege management, which means an attacker might perform unauthorized file deletions or related actions remotely. This could result in loss or alteration of important files, impacting system integrity and availability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the affected ZenTao component to version 21.7.7 or later to fix the improper privilege management issue in the file::delete function.