CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

EUVD-2025-205505

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2apiSafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made publ...

ZSPACE Z4Pro+ 命令注入漏洞

ZSPACE Z4Pro+ is a private cloud storage device from China Pole Space ZSPACE. A command injection vulnerability exists in ZSPACE Z4Pro+ version 1.0.0440024, which originates from a misuse of the function zfilev2apiSafeStatus in the file /v2/file/safe/status, which could lead to command injection...

PT-2025-53646

Name of the Vulnerable Software and Affected Versions ZSPACE Z4Pro+ version 1.0.0440024 Description A command injection issue exists in ZSPACE Z4Pro+. The issue is located within the HTTP POST Request Handler component, specifically in the zfilev2 api SafeStatus function accessible via the...

CVE-2025-14107

ZSPACE Q2C NAS is affected by CVE-2025-14107 through the zfilev2_api.SafeStatus function in /v2/file/safe/status. The vulnerability arises from manipulating the safe_dir argument in the HTTP POST Request Handler, enabling command injection with remote access. Public exploits exist, and vendors ha...