CVE-2025-64074 | THREATINT

Description

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.

PUBLISHED Reserved 2025-10-27 | Published 2026-02-11 | Updated 2026-02-11 | Assigner mitre

References

www.zbtwifi.com

neutsec.io/advisories/cve-2025-64074

cve.org (CVE-2025-64074)

nvd.nist.gov (CVE-2025-64074)

Download JSON