CVE Catalog

CVE-2025-34467

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management.

Risk Assessment

An authenticated low-privilege user can block administrators from accessing administrative functions, leading to system downtime and preventing site management.

Recommendation

Immediately update ZwiiCMS to version 13.7.00 or later, which fixes this vulnerability.

Original NVD description (English source)

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS