CVE-2025-15082
low-risk
Published 2025-12-25
A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Do I need to act?
-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Zlt M30S Firmware
Affected Vendors
References (5)
Permissions Required
https://vuldb.com/?ctiid.338410
Third Party Advisory
https://vuldb.com/?id.338410
Third Party Advisory
https://vuldb.com/?submit.707306
Exploit
https://youtu.be/u_H29UdiPOc
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal