Home > Vulnerability Database > CVE-2025-10766

Mend.io Vulnerability Database

CVE-2025-10766

Date: September 21, 2025

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

9.8

Related Resources (6)

Url: https://github.com/August829/YU1/issues/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10766

Url: https://vuldb.com/?id.325121

Url: https://vuldb.com/?submit.650445

Url: https://vuldb.com/?ctiid.325121

Url: https://www.mend.io/vulnerability-database/CVE-2025-10766

Severity Score

9.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10766

Date: September 21, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?