CVE-2025-13651 | THREATINT

Description

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.

PUBLISHED Reserved 2025-11-25 | Published 2026-02-11 | Updated 2026-02-11 | Assigner HackRTU

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unknown

6.1.31

affected

Timeline

2025-11-06:	Vulnerability detection by the researchers
2025-11-11:	Report from researchers to the CNA of HackRTU
2025-11-12:	Report from HackRTU CNA to the provider
2026-02-11:	Vulnerabilities published by HackRTU's CNA

Credits

Aarón Flecha Menéndez finder

Víctor Bello Cuevas finder

References

www.hackrtu.com/blog/CNA-HRTU-0001/ technical-description patch

www.hackrtu.com/blog/CNA-CVE-2025-13651/ technical-description patch

www.microcom360.com/servicio-zeus-web/ product

zeus.microcom.es/ product

cve.org (CVE-2025-13651)

nvd.nist.gov (CVE-2025-13651)

Download JSON