Primary

Context

ZTE ZXCDN Struts Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in ZTE's ZXCDN product, specifically in the ZXCDN-SNS V3.01.02 version. This vulnerability allows an unauthenticated attacker to execute commands remotely with non-root privileges.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system, with the executed commands running under a non-root user.

Remediation

Users can upgrade to ZTE ZXCDN-IAMV5.01.04.01 to address this vulnerability. For assistance, contact the ZTE Global Customer Support Center.

Added: Oct 14, 2025, 9:16 AM

Updated: Oct 14, 2025, 9:16 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

7.6

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

7.6

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ZTE ZXCDN Struts Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ZTE ZXCDN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating