CNNVD-202512-4885 Information

CNNVD ID

CNNVD-202512-4885

Related CVE

CVE-2025-15132

• CNNVD Published: 2025-12-28

Description (Chinese)

ZSPACE Z4Pro+是中国极空间（ZSPACE）公司的一个私有云存储设备。 ZSPACE Z4Pro+ 1.0.0440024版本存在命令注入漏洞，该漏洞源于文件/v2/file/safe/open中函数zfilev2_api_open的错误操作，可能导致命令注入。

Description (English)

ZSPACE Z4Pro+ is a privately owned cloud storage facility for ZSPACE. The ZSPACE Z4Pro+ 1.0.0440024 version contains a command injection loophole, which results from the error of the zfilev2 api open function in file/v2/file/safe/open, which may lead to the command injection.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

极空间

Published

2025-12-28

Last Modified

2026-02-24

References

https://vuldb.com/?submit.713885 https://vuldb.com/?id.338510 https://vuldb.com/?ctiid.338510 https://github.com/LX-66-LX/cve/issues/2 https://access.redhat.com/security/cve/cve-2025-15132