CVE-2025-10471 · HIGH 8.8 · EPSS p19.8%

Description

A vulnerability was detected in ZKEACMS 4.3. It affects the function Proxy in the file src/ZKEACMS/Controllers/MediaController.cs. Manipulating the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% probability of exploitation · percentile 19.8% · 2026-06-18T12:00:27Z
Published: 2025-09-15
Last modified: 2026-04-29

Underlying weaknesses · 1

CWE-918

References

  1. https://github.com/August829/Yu/blob/main/58ead8e7e08bfb022.md
  2. https://github.com/August829/Yu/blob/main/58ead8e7e08bfb022.md#poc
  3. https://vuldb.com/?ctiid.323890
  4. https://vuldb.com/?id.323890
  5. https://vuldb.com/?submit.648387

Type: Weakness · Target: Server-Side Request Forgery (SSRF), cwe-918 · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-10764
CVE-2025-52239
CVE-2025-2997
CVE-2025-10410
CVE-2025-15131
CVE-2025-1848

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.