ZZCMS 2025
CVE-2025-14836
LOW
Severity by source: LOW (primary rating from NVD, the only source for this CVE)
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. The manipulation results in cleartext storage of sensitive data in a file or on disk. The attack can be carried out remotely. The exploit has been published and may be used.
Analysis (AI)
ZZCMS 2025 stores sensitive user data in cleartext within the User Data Storage Module at /reg/user_save.php, allowing remote attackers with high-level privileges to retrieve unencrypted credentials or personal information from disk. The vulnerability has a published exploit available, though the extremely low EPSS score (0.02%) and requirement for authenticated high-privilege access suggest minimal real-world exploitation risk despite public proof-of-concept availability.
Technical Context (AI)
ZZCMS is a PHP-based content management system. The vulnerability resides in the User Data Storage Module, specifically the /reg/user_save.php endpoint responsible for processing user registration and persisting the submitted data. The root cause is classified under CWE-312 (Cleartext Storage of Sensitive Information): the application writes user authentication credentials or personal data to disk files without hashing or encryption. This is a data-protection weakness in the persistence layer rather than a logic flaw: sensitive fields lack any protection at rest, so anyone who can read the storage location (directly, through a backup, or through a separate file-disclosure bug) obtains the data as submitted. The affected version is ZZCMS 2025 (CPE: cpe:2.3:a:zzcms:zzcms:2025:*:*:*:*:*:*:*).
Remediation (AI)
Immediate remediation requires upgrading ZZCMS to a patched version that addresses the cleartext storage in /reg/user_save.php; however, no vendor-released patch version is identified in the available data, so contact the ZZCMS vendor directly for updates or security advisories.

As a compensating control pending patch availability, restrict filesystem access to the directories where /reg/user_save.php writes its output using operating-system permissions (chmod/ACLs), allowing only the web server process and administrators read access. This limits exposure if the files are reached via directory traversal or leaked through backups.

Additionally, add protection at the application level by modifying the User Data Storage Module so that passwords are stored only as salted one-way hashes (bcrypt or PBKDF2; in PHP, password_hash() and password_verify() provide this) and personal-information fields are encrypted with an authenticated cipher such as AES-256-GCM, with the key held outside the web root. Note that this requires code-level changes and a review of the storage format or database schema.

For immediate operational risk reduction, disable the user registration endpoint (/reg/user_save.php) or restrict it to trusted networks only using firewall or web server rules (IP allowlisting in .htaccess or the nginx config), trading user self-service registration for security while development proceeds.

Finally, monitor the on-disk storage locations for unauthorized access with file integrity or access auditing (e.g., auditd on Linux, Windows File Auditing) so that reads of the plaintext data are detected.
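The following is an added example, not ZZCMS code and not the contents of /reg/user_save.php, which is not reproduced in the available data. It contrasts the CWE-312 pattern (a registration record appended to a file as submitted, password included) with a hardened equivalent that stores only a bcrypt hash of the password, encrypts the personal-information fields with libsodium's authenticated secretbox, and creates the storage file owner-only. The record layout, file path, and the USERDATA_KEY_HEX environment variable are assumptions made for the example; the sample user is constructed.

```php
<?php
// Added example, not ZZCMS code. Requires PHP >= 7.2 with the sodium extension.
declare(strict_types=1);

// --- Vulnerable pattern (CWE-312): every field, including the password, lands on disk as-is. ---
function save_user_cleartext(string $path, array $user): void
{
    $line = implode('|', [$user['username'], $user['password'], $user['email'], $user['phone']]) . "\n";
    file_put_contents($path, $line, FILE_APPEND | LOCK_EX); // plaintext, default umask permissions
}

// --- Hardened pattern ---
// The PII key must live outside the web root (env var, secrets file, KMS). Hypothetical variable name.
function load_pii_key(): string
{
    $hex = getenv('USERDATA_KEY_HEX');
    if ($hex === false || strlen($hex) !== 2 * SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('USERDATA_KEY_HEX must be a 64-hex-char (32-byte) key');
    }
    return sodium_hex2bin($hex);
}

function save_user_hardened(string $path, array $user, string $key): void
{
    // Password: salted one-way hash only; the plaintext is never written anywhere.
    $hash = password_hash($user['password'], PASSWORD_BCRYPT, ['cost' => 12]);

    // PII: authenticated encryption (XSalsa20-Poly1305) with a fresh nonce per record.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pii   = json_encode(['email' => $user['email'], 'phone' => $user['phone']], JSON_THROW_ON_ERROR);
    $box   = sodium_crypto_secretbox($pii, $nonce, $key);
    sodium_memzero($pii);

    $record = json_encode([
        'username' => $user['username'],
        'pw_hash'  => $hash,
        'nonce'    => sodium_bin2hex($nonce),
        'pii'      => sodium_bin2hex($box),
    ], JSON_THROW_ON_ERROR) . "\n";

    // Create the file owner-only before the first write; later appends keep that mode.
    if (!file_exists($path)) {
        $fh = fopen($path, 'x');
        if ($fh === false) {
            throw new RuntimeException("cannot create $path");
        }
        fclose($fh);
        chmod($path, 0600);
    }
    file_put_contents($path, $record, FILE_APPEND | LOCK_EX);
}

// Read side: PII is recoverable only with the key; the password is checkable, not readable.
function read_user_hardened(string $path, string $username, string $key): ?array
{
    foreach (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        $rec = json_decode($line, true, 512, JSON_THROW_ON_ERROR);
        if ($rec['username'] !== $username) {
            continue;
        }
        $pii = sodium_crypto_secretbox_open(sodium_hex2bin($rec['pii']), sodium_hex2bin($rec['nonce']), $key);
        if ($pii === false) {
            throw new RuntimeException('PII record tampered with or wrong key');
        }
        return ['pw_hash' => $rec['pw_hash']] + json_decode($pii, true, 512, JSON_THROW_ON_ERROR);
    }
    return null;
}

// Demo with a constructed user (not real data) and a throwaway key.
$tmp = sys_get_temp_dir() . '/userdata_demo.jsonl';
@unlink($tmp);
putenv('USERDATA_KEY_HEX=' . sodium_bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)));
$key  = load_pii_key();
$user = ['username' => 'alice', 'password' => 'correct horse', 'email' => 'alice@example.com', 'phone' => '+15550100'];

save_user_hardened($tmp, $user, $key);
$raw = file_get_contents($tmp);
if (strpos($raw, 'correct horse') !== false || strpos($raw, 'alice@example.com') !== false) {
    throw new RuntimeException('cleartext leaked into the storage file');
}
$rec = read_user_hardened($tmp, 'alice', $key);
if (!password_verify('correct horse', $rec['pw_hash']) || $rec['email'] !== 'alice@example.com') {
    throw new RuntimeException('round trip failed');
}
echo "stored record contains no cleartext secrets; verification OK\n";
```

The check that matters operationally is the one after save_user_hardened(): grep the on-disk artifact for a known password or e-mail address submitted through the registration form. If either appears verbatim, the endpoint still exhibits the CWE-312 behaviour regardless of what the code claims to do.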