CVE-2025-14836
Unknown Unknown - Not Provided
Cleartext Storage Vulnerability in ZZCMS 2025 User Module

Publication date: 2025-12-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-12-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-14836
EUVD
EUVD-2025-204007
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zzcms zzcms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-313 The product stores sensitive information in cleartext in a file, or on disk.
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in ZZCMS 2025 affecting the User Data Storage Module, specifically in the /reg/user_save.php file. It causes user data to be stored in cleartext on disk, which means sensitive information is not encrypted and can be accessed by unauthorized parties. The vulnerability can be exploited remotely, and an exploit has already been published.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized access to sensitive user data because it is stored in cleartext. This exposure can result in data breaches, loss of user privacy, and potential misuse of the information by attackers who exploit the flaw remotely.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart