What is CVE-2023-25650?

CVE-2023-25650 is a medium-severity vulnerability in Zte Zxcloud Irai, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2023-12-14.

How severe is CVE-2023-25650?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Improper input validation in Zte Zxcloud Irai

CVE-2023-25650

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request paramete…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Zte Zxcloud Irai — versions All versions up to V7.23.23

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx

Frequently asked questions

What is CVE-2023-25650?: CVE-2023-25650 is a medium-severity vulnerability in Zte Zxcloud Irai, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2023-12-14.
How severe is CVE-2023-25650?: Medium severity. CVSS v3 base score is 6.5 out of 10.