Vulnerability Details CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v3 Score 8.3
References