Vulnerability Details CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.9%
CVSS Severity
CVSS v3 Score 8.3
Products affected by CVE-2025-57130