Vulnerability Description
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zentao | Zentao | < 21.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/ez-lbz/ez-lbz.github.io/issues/2ExploitIssue TrackingVendor Advisory
- https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issue-3598317459ExploitIssue TrackingVendor Advisory
- https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issuecomment-3540247346ExploitIssue Tracking
- https://vuldb.com/?ctiid.333793Permissions RequiredVDB Entry
- https://vuldb.com/?id.333793Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.690728Third Party AdvisoryVDB Entry
- https://www.zentao.net/extension-viewext-6.htmlProduct
FAQ
What is CVE-2025-13789?
CVE-2025-13789 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forge...
How severe is CVE-2025-13789?
CVE-2025-13789 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13789?
Check the references section above for vendor advisories and patch information. Affected products include: Zentao Zentao.