CVE-2025-10471 | ZKEACMS 4.3 MediaController.cs Proxy url server-side request forgery

A vulnerability classified as critical has been found in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery.

This vulnerability is cataloged as CVE-2025-10471. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More