CVE Catalog
CVE-2025-52239
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.45%
36th percentile - higher than 36% of all known CVEs
Summary
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.
Risk Assessment
An attacker can upload a malicious file, leading to remote code execution on the server, potentially compromising the entire system.
Recommendation
It is recommended to immediately update ZKEACMS to the latest version and implement file type validation and size restrictions.
Original NVD description (English source)
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

