CNNVD-202511-3064 Information

Nov 30, 2025 cve

CNNVD ID

CNNVD-202511-3064

CVE-2025-13787

  • CNNVD Published: 2025-11-30

Description (Chinese)

Nature Easy Soft Network Technology ZenTao是中国易软天创网络科技(Nature Easy Soft Network Technology)公司的一套开源项目管理软件。该软件包括产品管理、项目管理、质量管理和文档管理等功能。 Nature Easy Soft Network Technology ZenTao 21.7.6-8564及之前版本存在安全漏洞,该漏洞源于文件module/file/control.php中参数fileID的错误操作,可能导致权限管理不当。

Description (English)

Nature Easy Soft Network Technology Zentao is an open-source project management software for Chinese company Nasty Soft Network Technology. The software includes functions such as product management, project management, quality management and document management. There is a security loophole in Nature East South Network Technology ZenTao 21.7.6-8564 and earlier versions, which stems from the mishandling of the parameter file file file file/file/control.php, which may lead to inappropriate authority management.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

易软天创网络科技

Published

2025-11-30

Last Modified

2026-02-24

References

https://vuldb.com/?submit.689892 https://www.zentao.net/extension-buyext-1601-download.html https://vuldb.com/?id.333791 https://github.com/ez-lbz/ez-lbz.github.io/issues/1 https://vuldb.com/?ctiid.333791 https://github.com/ez-lbz/ez-lbz.github.io/issues/1#issuecomment-3540423868 https://access.redhat.com/security/cve/cve-2025-13787

Share on: