Vulnerability Description
A flaw has been found in ZenTao up to 21.7.6-8564. It affects the function file::delete in the file module/file/control.php of the File Handler component. Manipulating the fileID argument can lead to improper privilege management. The attack can be launched remotely. Upgrading to version 21.7.7 is sufficient to fix this issue, so the affected component should be upgraded.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zentao | Zentao | < 21.7.7 |
Related Weaknesses (CWE)
References
- https://github.com/ez-lbz/ez-lbz.github.io/issues/1 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/ez-lbz/ez-lbz.github.io/issues/1#issuecomment-3540423868 (Exploit, Issue Tracking, Third Party Advisory)
- https://vuldb.com/?ctiid.333791 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.333791 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.689892 (Third Party Advisory, VDB Entry)
- https://www.zentao.net/extension-buyext-1601-download.html (Product)
FAQ
What is CVE-2025-13787?
CVE-2025-13787 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the ar...
How severe is CVE-2025-13787?
CVE-2025-13787 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-13787?
Check the references section above for vendor advisories and patch information. Affected products include: Zentao Zentao.