CVE-2025-13787 MEDIUM

CVE-2025-13787: ZenTao File control.php delete privileges management

Vendor N/A
Product ZenTao
Weakness CWE-269
Published November 30, 2025
Last update December 1, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01 Description

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete in the file module/file/control.php of the File Handler component. Manipulating the fileID argument can lead to improper privilege management. The attack can be launched remotely. Upgrading the affected component to version 21.7.7 is sufficient to fix this issue.

Key dates

02 Disclosure timeline

November 30, 2025 CVE published
December 1, 2025 Record updated
