CVE-2025-34467

UNKNOWN 0.0

ZwiiCMS < 13.7.00 Lock Persistence Authenticated DoS Against Administrative Pages

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated.

CWE	CWE-667 CWE-863
Vendor	fredtempez
Product	zwiicms
Published	Dec 31, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for fredtempez zwiicms

Be the first to know when new unknown vulnerabilities affecting fredtempez zwiicms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

fredtempez / ZwiiCMS

0 < 13.7.00

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/fredtempez/ZwiiCMS codeberg.org: https://codeberg.org/fredtempez/ZwiiCMS/releases/tag/13.7.00 vulncheck.com: https://www.vulncheck.com/advisories/zwiicms-lock-persistence-authenticated-dos-against-administrative-pages

Credits

Matías Schiappacasse