CVE-2025-52239 — An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execu... | CVE Daily

Critical CVSS 9.8

Overview

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

CWE: CWE-434 Published: 2025-08-04T19:15:31.777

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: rce, upload (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.
Restrict types/MIME, store outside web root, inspect content.

Recommended tools

Tags