CVE-2025-12266

🗓️ 27 Oct 2025 11:02:10Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 5 Views🌐 WEB

CVE-2025-12266: Remote code injection in Zytec central authentication service widget _empty.

Reporter	Title	Published	Views	Family All 7
CNNVD	Zytec Central Authentication Service 代码注入漏洞	27 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection	27 Oct 202511:02	–	cvelist
EUVD	EUVD-2025-36162	27 Oct 202512:32	–	euvd
NVD	CVE-2025-12266	27 Oct 202511:15	–	nvd
Positive Technologies	PT-2025-43933	27 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12266	28 Oct 202511:54	–	redhatcve
Vulnrichment	CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection	27 Oct 202511:02	–	vulnrichment

Vulners

Node

zytec_dalian_zhuoyun_technology central_authentication_serviceMatch20251009

[
  {
    "vendor": "Zytec Dalian Zhuoyun Technology",
    "product": "Central Authentication Service",
    "versions": [
      {
        "version": "20251009",
        "status": "affected"
      }
    ]
  }
]

Source	Link
101	www.101.200.76.102:38765/qwertyuiop/Vuldb/Zytec.html
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
get.layer	query param	/index.php/auth/widget	Code injection via manipulation of query parameters in /index.php/auth/widget (get.layer/get.widget/get.action)	CWE-74, CWE-94
get.widget	query param	/index.php/auth/widget	Code injection via manipulation of query parameters in /index.php/auth/widget (get.layer/get.widget/get.action)	CWE-74, CWE-94
get.action	query param	/index.php/auth/widget	Code injection via manipulation of query parameters in /index.php/auth/widget (get.layer/get.widget/get.action)	CWE-74, CWE-94

29 Apr 2026 01:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3

EPSS0.0005

SSVC