CVE Catalog

CVE-2025-52239

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile - higher than 36% of all known CVEs

Summary

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

Risk Assessment

An attacker can upload a malicious file, leading to remote code execution on the server, potentially compromising the entire system.

Recommendation

It is recommended to immediately update ZKEACMS to the latest version and implement file type validation and size restrictions.

Original NVD description (English source)

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS