Home > Vulnerability Database > CVE-2025-34467

Mend.io Vulnerability Database

CVE-2025-34467

Good to know:

Date: December 31, 2025

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated.

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-34467

Url: https://github.com/fredtempez/ZwiiCMS

Url: https://codeberg.org/fredtempez/ZwiiCMS/releases/tag/13.7.00

Url: https://www.vulncheck.com/advisories/zwiicms-lock-persistence-authenticated-dos-against-administrative-pages

Url: https://www.mend.io/vulnerability-database/CVE-2025-34467

Severity Score

4.3

Weakness Type (CWE)

Improper Locking

CWE-667

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version https://github.com/fredtempez/ZwiiCMS.git - 13.7.00

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-34467

Good to know:

Date: December 31, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?