cbcvebase.

Zspace Z4Pro vulnerabilities

3 known vulnerabilities affecting zspace/z4pro.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3

Vulnerabilities

Page 1 of 1
CVE-2025-15133P2HIGHCVSS 8.8v1.0.04400242025-12-28
CVE-2025-15133 [HIGH] CWE-74 CVE-2025-15133: A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zf A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor wa
nvd
CVE-2025-15131P2HIGHCVSS 8.8v1.0.04400242025-12-28
CVE-2025-15131 [HIGH] CWE-74 CVE-2025-15131: A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeSta A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early ab
nvd
CVE-2025-15132P2HIGHCVSS 8.8v1.0.04400242025-12-28
CVE-2025-15132 [HIGH] CWE-74 CVE-2025-15132: A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zf A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor
nvd
Zspace Z4Pro vulnerabilities | cvebase