CVE-2025-54983 | THREATINT

Description

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.

PUBLISHED Reserved 2025-08-04 | Published 2025-11-12 | Updated 2025-11-12 | Assigner Zscaler

MEDIUM: 5.2CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-772 Missing Release of Resource after Effective Lifetime

Product status

Default status

unaffected

4.6 (custom) before 4.6.0.216

affected

4.7 (custom) before 4.7.0.47

affected

Credits

DTCC Team other

References

help.zscaler.com/...lient-connector-app-release-summary-2025

cve.org (CVE-2025-54983)

nvd.nist.gov (CVE-2025-54983)

Download JSON