CNNVD-202512-4884 Information

CNNVD ID

CNNVD-202512-4884

Related CVE

CVE-2025-15133

• CNNVD Published: 2025-12-28

Description (Chinese)

ZSPACE Z4Pro+是中国极空间（ZSPACE）公司的一个私有云存储设备。 ZSPACE Z4Pro+ 1.0.0440024版本存在命令注入漏洞，该漏洞源于文件/v2/file/safe/close中函数zfilev2_api_CloseSafe的错误操作，可能导致命令注入。

Description (English)

ZSPACE Z4Pro+ is a privately owned cloud storage facility for ZSPACE. The ZSPACE Z4Pro+ 1.0.0440024 version has a command-injecting loophole, which stems from the error of the zfilev2 api CloseSafe function in file/v2/file/safe/close, which may lead to the command-injection.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

极空间

Published

2025-12-28

Last Modified

2026-02-24

References

https://vuldb.com/?submit.713887 https://vuldb.com/?ctiid.338511 https://vuldb.com/?id.338511 https://github.com/LX-66-LX/cve/issues/3 https://access.redhat.com/security/cve/cve-2025-15133