CVE-2025-15132
Command Injection in ZSPACE Z4Pro+ HTTP POST Handler
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zspace | z4pro+ | 1.0.0440024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ZSPACE Z4Pro+ 1.0.0440024, specifically in the function zfilev2_api_open within the HTTP POST Request Handler component. It allows an attacker to perform command injection by manipulating the HTTP POST request, potentially executing arbitrary commands on the affected system. The attack can be initiated remotely.
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to execute arbitrary commands on the affected system, which may lead to unauthorized access, data compromise, system disruption, or further exploitation of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of CVE-2025-15132 on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-15132 can involve monitoring for suspicious HTTP POST requests to the endpoint /v2/file/safe/open, especially those containing unusual or malformed 'safe_dir' parameters that may include shell command injection patterns. Network intrusion detection systems (NIDS) can be configured to alert on POST requests to this endpoint with suspicious payloads. Additionally, inspecting logs for unexpected commands executed or unusual directory names under snapshot paths may help. Specific commands to detect exploitation attempts are not provided in the resources, but monitoring HTTP POST traffic to /v2/file/safe/open and searching for patterns like '$(...)' or other shell injection syntax in parameters could be useful. [1, 3]
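The detection idea above, worked through as an added example (this is not code from the cited resources or from the vendor): it parses constructed request-log lines, URL-decodes the safe_dir parameter of POSTs to /v2/file/safe/open, and flags shell syntax such as $(...), including when it is double-encoded. The log format, LOG_LINE, and the sample lines are assumptions for the example.

```python
"""Flag POST requests to the Z4Pro+ /v2/file/safe/open endpoint whose
safe_dir parameter carries shell syntax. The log format and sample
lines are constructed for this example; adapt LOG_LINE to your proxy."""
import re
from urllib.parse import parse_qs, unquote_plus

TARGET_PATH = "/v2/file/safe/open"
# Shell syntax that never belongs in a snapshot directory name.
SHELL_SYNTAX = re.compile(r"\$\(|\$\{|`|[;|&\n]")
# Constructed log format: <METHOD> <path> body=<form-encoded body>
LOG_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) body=(?P<body>.*)$")


def suspicious_safe_dir(value: str) -> bool:
    """True if safe_dir still contains shell syntax after full URL-decoding."""
    decoded = value
    # Decode repeatedly so double-encoding (%2524%2528) does not hide $(.
    for _ in range(3):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return bool(SHELL_SYNTAX.search(decoded))


def check_line(line: str):
    """Return (alert, reason) for one log line."""
    m = LOG_LINE.match(line.strip())
    if not m or m.group("method") != "POST" or m.group("path") != TARGET_PATH:
        return False, "not a POST to the affected endpoint"
    # parse_qs decodes once; keep_blank_values keeps an empty safe_dir visible.
    params = parse_qs(m.group("body"), keep_blank_values=True)
    for value in params.get("safe_dir", []):
        if suspicious_safe_dir(value):
            return True, f"shell syntax in safe_dir: {value!r}"
    return False, "safe_dir looks like a plain directory name"


def scan(lines):
    """Return the lines that should raise an alert."""
    return [ln for ln in lines if check_line(ln)[0]]


# Constructed sample traffic: benign, encoded $(...), double-encoded, and a GET.
SAMPLE_LOG = [
    "POST /v2/file/safe/open body=safe_dir=daily_backup&mode=ro",
    "POST /v2/file/safe/open body=safe_dir=snap%24%28...%29",
    "POST /v2/file/safe/open body=safe_dir=snap%2524%2528...%2529",
    "GET /v2/file/safe/open body=safe_dir=snap%24%28...%29",
]
```

A real deployment would feed the web-server or proxy log of the device's HTTP front end into scan() and raise on any returned line.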
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected ZSPACE Z4Pro+ device or firmware version 1.0.0440024 with an alternative product or updated firmware if available, as no known fixes or countermeasures have been published by the vendor. Restricting network access to the vulnerable HTTP POST endpoint /v2/file/safe/open and limiting user privileges to prevent creation of malicious snapshot directories can reduce risk. Monitoring and blocking suspicious POST requests to this endpoint is also recommended. Since the vulnerability allows remote command execution with root privileges, isolating the device from untrusted networks until a fix or replacement is applied is advised. [1, 2, 3]