CVE-2025-15082

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability Details

Published Date

December 25, 2025

Last Modified

January 20, 2026

CWE ID

CWE-200

Source

NVD

Vendor

gztozed

Product

zlt_m30s_firmware

External References

https://vuldb.com/?ctiid.338410
https://vuldb.com/?id.338410
https://vuldb.com/?submit.707306
https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure
https://youtu.be/u_H29UdiPOc

CVE-2025-15082

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment