CVE-2025-15132 | ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/open zfilev2_api_open command injection (EUVD-2025-205504)
A vulnerability has been found in ZSPACE Z4Pro+ 1.0.0440024 and classified as critical. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection.
The identification of this vulnerability is CVE-2025-15132. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure.