CVE-2025-12917 MEDIUM

CVE-2025-12917: TOZED ZLT T10 Reboot proc_post denial of service

Vendor Tozed
Product ZLT T10
Weakness CWE-404
Published November 9, 2025
Last update November 13, 2025

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for this attack to succeed. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

November 9, 2025 CVE published
November 13, 2025 Record updated