CVE-2025-41366

MEDIUM

ZIV IDF and ZLF - High-Privilege CORS Misconfiguration

Title source: manual

Description

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products

Scores

CVSS v4 5.1

EPSS 0.0031

EPSS Percentile 21.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-942

Status published

Products (1)

ZIV/IDF and ZLF < 1.1.0

Published Jun 06, 2025

Tracked Since Feb 18, 2026