CVE-2025-66315 | THREATINT

Description

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.

PUBLISHED Reserved 2025-11-27 | Published 2026-01-09 | Updated 2026-01-09 | Assigner zte

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

ZTE_MF258kPRO_PLAY_V1.0.0B03

affected

ZTE_MF258PRO_STD_V1.0.0B04

affected

References

support.zte.com.cn/...ui/bulletin/detail/4891644183717871638

cve.org (CVE-2025-66315)

nvd.nist.gov (CVE-2025-66315)

Download JSON