CVE-2025-14837

MEDIUM 4.7

ZZCMS Backend Website Settings siteconfig.php stripfxg code injection

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CWE	CWE-94 CWE-74
Vendor	n/a
Product	zzcms
Published	Dec 17, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for n/a zzcms

Be the first to know when new medium vulnerabilities affecting n/a zzcms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / ZZCMS

2025

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.336987 vuldb.com: https://vuldb.com/?ctiid.336987 vuldb.com: https://vuldb.com/?submit.711655 note-hxlab.wetolink.com: https://note-hxlab.wetolink.com/share/ekNgcv2wVBya

Credits

🔍 airrudder (VulDB User)