CVE-2025-10766: Path Traversal in SeriaWei ZKEACMS

Severity: Medium
Published: Sun Sep 21 2025 (09/21/2025, 07:02:05 UTC)
Source: CVE Database V5
Vendor/Project: SeriaWei
Product: ZKEACMS

Description

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. The affected code is the function Download in the file EventViewerController.cs. Manipulation of the argument ID can lead to path traversal. The attack can be launched remotely. An exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/21/2025, 07:09:42 UTC

Technical Analysis

CVE-2025-10766 is a path traversal vulnerability in SeriaWei's ZKEACMS content management system, affecting versions 4.0 through 4.3. The flaw is in the Download action of EventViewerController.cs: the 'ID' parameter, which is meant to select an event-log file to download, is used to build a file path without being constrained to the intended directory, so a crafted value (for example one containing '../' segments) lets the caller read files outside that directory.

The vulnerability has a CVSS 4.0 base score of 5.3 (medium). The vector string (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) indicates an attack over the network with low complexity and no user interaction, but one that requires low privileges (PR:L), i.e. an authenticated account on the CMS rather than an anonymous request; the impact is a low loss of confidentiality with no impact on integrity or availability. E:P records that a proof-of-concept exploit exists.

The vendor was contacted before disclosure but has not responded, and no patch had been released at the time of publication. No exploitation in the wild has been observed, but a public exploit is available, which lowers the bar for attackers who already hold a low-privileged account. Path traversal reads of this kind typically target configuration files (which in an ASP.NET Core deployment such as ZKEACMS may contain connection strings and other secrets), credentials and logs, and the information obtained can support further compromise.

Potential Impact

For European organizations running SeriaWei ZKEACMS versions 4.0 to 4.3, this vulnerability poses a risk of unauthorized read access to files on the web server hosting the CMS. Exposed material could include user information, system configuration or credentials, which may enable follow-on attacks such as privilege escalation or lateral movement within the network. Because the flaw is reachable over the network and, per the CVSS vector, needs only a low-privileged CMS account, any Internet-facing instance with self-registration, shared accounts or a compromised low-level user is exposed. Organizations in sectors with strict data protection obligations, such as finance, healthcare or government, may also face compliance consequences if personal or sensitive data is disclosed. The lack of vendor response and the absence of a patch complicate remediation and may prolong exposure. While the direct impact on integrity and availability is low, the confidentiality risk and the potential for chained attacks make this a significant concern for European entities relying on this CMS platform.

Mitigation Recommendations

1. Immediately limit exposure of the EventViewerController Download endpoint: restrict it to trusted networks or administrators via a WAF, reverse proxy or network access control, and review which CMS accounts hold the low privilege that the CVSS vector says is sufficient to reach it.
2. At the proxy or WAF, block traversal patterns in the 'ID' parameter. Match on the decoded value, not the raw query string: '../', '..\', and percent-encoded or double-encoded forms such as '%2e%2e%2f' and '%252e%252e%252f' all need to be covered, or the rule is trivially bypassed.
3. Fix the code: the Download action should either map the ID to a file through a server-side allow-list and never treat it as a path, or, at minimum, reject any ID that is not a single file-name segment and verify that the fully resolved path still lies under the intended log directory before opening it.
4. Monitor web server and reverse proxy logs for requests to the endpoint whose ID contains a traversal sequence (after decoding), and alert on them; a 200 response to such a request indicates a likely successful read.
5. Run the CMS process under a least-privilege account and restrict file system permissions so that a traversal read is confined to files the application legitimately needs and cannot reach other sites' configuration or system files.
6. Engage with the vendor or community to obtain or develop a patch, and apply it promptly once available.
7. If timely remediation is not possible, consider alternative CMS solutions, especially for high-risk environments.
8. Maintain regular backups and an incident response plan so that a breach can be contained and recovered from quickly.
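To make the flaw described in the technical analysis and the fix in items 2 and 3 concrete, here is an added C# example. It is not ZKEACMS code and is not taken from the advisory; it models the pattern the analysis describes: a Download action that turns a user-supplied ID into a file path under a log directory. The vulnerable form joins the ID onto the base directory unchecked; the hardened form requires the ID to be a single file-name segment and then verifies that the normalized full path still lies inside the base directory. The directory and method names are assumptions, and the code targets .NET 6 or later (for OperatingSystem.IsWindows).

```csharp
using System;
using System.IO;

// Added example, not ZKEACMS code. Models the advisory's pattern: a Download
// action that maps a user-supplied "ID" to a file under a log directory.
// LogDirectory and the ResolveLogFile* names are hypothetical.
public static class EventViewerDownload
{
    // Hypothetical directory the controller is meant to serve files from.
    public static readonly string LogDirectory =
        Path.Combine(Path.GetTempPath(), "zkeacms-eventviewer-demo");

    // VULNERABLE pattern: the ID is joined onto the base directory unchecked.
    // Path.Combine(base, "../../appsettings.json") keeps the ".." segments, and
    // a rooted ID such as "/etc/passwd" makes Path.Combine discard the base entirely.
    public static string ResolveLogFileVulnerable(string id)
    {
        return Path.Combine(LogDirectory, id);
    }

    // HARDENED pattern: accept only a bare file name, then confirm containment
    // on the fully normalized path before anything is opened.
    public static string ResolveLogFileSafe(string id)
    {
        if (string.IsNullOrWhiteSpace(id))
            throw new ArgumentException("ID is required");

        // A log identifier must be a single path segment: no separators,
        // no "." or "..", and not a rooted path.
        if (id != Path.GetFileName(id) || id == "." || id == ".." || Path.IsPathRooted(id))
            throw new ArgumentException("invalid ID");

        string baseDir = Path.GetFullPath(LogDirectory)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(baseDir, id));

        // Belt and braces: even after the segment check, verify that the
        // canonical path starts with the base directory (case-insensitively on Windows).
        var cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;
        if (!full.StartsWith(baseDir, cmp))
            throw new UnauthorizedAccessException("ID resolves outside the log directory");

        return full;
    }

    public static void Main()
    {
        // Constructed inputs: one legitimate ID and three traversal attempts.
        string[] ids = { "2025-09-21.log", "../../appsettings.json", "..\\..\\web.config", "/etc/passwd" };
        foreach (var id in ids)
        {
            Console.WriteLine($"vulnerable: {id,-24} -> {ResolveLogFileVulnerable(id)}");
            try
            {
                Console.WriteLine($"safe:       {id,-24} -> {ResolveLogFileSafe(id)}");
            }
            catch (Exception e) when (e is ArgumentException || e is UnauthorizedAccessException)
            {
                Console.WriteLine($"safe:       {id,-24} -> rejected ({e.Message})");
            }
        }
    }
}
```

On a Linux host the backslash variant is an ordinary file name and passes the segment check, but it then resolves inside the base directory, so containment still holds; on Windows Path.GetFileName strips the backslash segments and the ID is rejected outright. In a real fix, prefer to look the ID up in a server-side list of files the user is allowed to download and never derive a path from it at all; the containment check is the fallback for code that must accept a file name.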

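For item 4, an added C# example (not part of the advisory or of ZKEACMS) that scans access-log lines for traversal attempts against the download endpoint. It percent-decodes the request target repeatedly before matching, so '..%2F', double-encoded '%252e%252e%252f' and backslash forms are caught where a literal '../' match would miss them. The log lines are constructed for the demo, and the route /Admin/EventViewer/Download is an assumption about the endpoint path; adjust both to your deployment.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example, not part of the advisory or ZKEACMS. Flags requests whose ID
// argument to the EventViewer download endpoint carries a ".." segment after
// percent-decoding. The endpoint path used for scoping is an assumption.
public static class TraversalLogScan
{
    // Request target from an NCSA/Apache-style access log line.
    static readonly Regex RequestLine = new Regex(
        @"""(?<method>[A-Z]+) (?<target>\S+) HTTP/[\d.]+""",
        RegexOptions.Compiled);

    // A ".." segment bounded by a separator, or by the start/end of the target
    // or a query delimiter (ID=..%2F...), using either slash or backslash.
    static readonly Regex DotDotSegment = new Regex(
        @"(^|[\\/=&?])\.\.($|[\\/])", RegexOptions.Compiled);

    // Decode percent-encoding repeatedly (bounded) so that %2e%2e%2f and the
    // double-encoded %252e%252e%252f both normalize to "../".
    public static string Normalize(string target)
    {
        string current = target;
        for (int i = 0; i < 3; i++)
        {
            string decoded = Uri.UnescapeDataString(current);
            if (decoded == current) break;
            current = decoded;
        }
        return current;
    }

    public static bool IsTraversalAttempt(string line)
    {
        var m = RequestLine.Match(line);
        if (!m.Success) return false;
        string target = Normalize(m.Groups["target"].Value);

        // Scope to the endpoint named in the advisory (route assumed for the demo).
        if (target.IndexOf("eventviewer", StringComparison.OrdinalIgnoreCase) < 0 ||
            target.IndexOf("download", StringComparison.OrdinalIgnoreCase) < 0)
            return false;

        return DotDotSegment.IsMatch(target);
    }

    public static List<string> Scan(IEnumerable<string> lines)
    {
        var hits = new List<string>();
        foreach (string line in lines)
            if (IsTraversalAttempt(line)) hits.Add(line);
        return hits;
    }

    public static void Main()
    {
        // Constructed sample lines, not real traffic. Lines 2-5 should be flagged;
        // line 1 is a legitimate download and line 6 has ".." outside the endpoint.
        string[] sample =
        {
            "203.0.113.5 - - [21/Sep/2025:07:10:01 +0000] \"GET /Admin/EventViewer/Download?ID=2025-09-21.log HTTP/1.1\" 200 5120",
            "203.0.113.5 - - [21/Sep/2025:07:10:07 +0000] \"GET /Admin/EventViewer/Download?ID=../../appsettings.json HTTP/1.1\" 200 1843",
            "203.0.113.5 - - [21/Sep/2025:07:10:09 +0000] \"GET /Admin/EventViewer/Download?ID=..%2F..%2Fappsettings.json HTTP/1.1\" 200 1843",
            "203.0.113.5 - - [21/Sep/2025:07:10:12 +0000] \"GET /Admin/EventViewer/Download?ID=%252e%252e%252fweb.config HTTP/1.1\" 404 0",
            "198.51.100.9 - - [21/Sep/2025:07:11:00 +0000] \"GET /Admin/EventViewer/Download?ID=..%5C..%5Cweb.config HTTP/1.1\" 200 912",
            "198.51.100.9 - - [21/Sep/2025:07:12:00 +0000] \"GET /Article/../Index HTTP/1.1\" 200 100",
        };

        foreach (string hit in Scan(sample))
            Console.WriteLine("traversal attempt: " + hit);
    }
}
```

The status code is worth keeping in the alert: a 200 on a flagged request is a probable successful read, a 404 or 400 is a probe. If the CMS sits behind a reverse proxy, run the scan on the proxy's logs as well, since the application's own logs are exactly what an attacker with this bug would try to read.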
Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-20T08:47:47.090Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cfa49fd802737dba85e280

Added to database: 9/21/2025, 7:09:19 AM

Last enriched: 9/21/2025, 7:09:42 AM

Last updated: 9/22/2025, 7:21:40 PM
