cvedb.io
CVE-2025-57130
HIGH · CVSS 8.3
EPSS exploitation probability: 0%
Published 2025-11-05T16:15:40.203 · Last modified 2026-06-17T09:42:52.800

Summary

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.

Affected products

zwiicms — zwiicms


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.