A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected is the file /index.php/auth/Ops/git of the HTTP Header Handler component. Manipulating the Authorization argument allows the use of a hard-coded password. The attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was notified about this issue but did not respond.
CVE-2025-11284
🟠High
CVE-2025-11284: Vulnerability in Zytec Dalian Zhuoyun Technology Central Authentication Service 3
A vulnerability in Zytec Dalian Zhuoyun Technology Central Authentication Service 3 can be exploited remotely. It involves the Authorization argument, leading to hard-coded password usage.
CVE ID
CVE-2025-11284
CVSS Score
7.3
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11284
- Severity
- High
- CVSS v3 Score
- 7.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners