CVE-2025-13787: Improper Privilege Management in ZenTao
Description
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete in the file module/file/control.php of the File Handler component. Manipulating the fileID argument can lead to improper privilege management. The attack can be launched remotely. Upgrading to version 21.7.7 fixes this issue; the affected component should be upgraded.
AI Analysis
Technical Summary
CVE-2025-13787 is a vulnerability identified in the ZenTao project management software, specifically affecting versions up to 21.7.6-8564. The flaw resides in the file::delete function of the file module (file/control.php), where improper privilege management allows an attacker to manipulate the fileID parameter remotely. This manipulation can bypass intended access controls, enabling unauthorized deletion of files managed by ZenTao. The vulnerability does not require user interaction or elevated privileges beyond low-level access, and the attack vector is network-based, meaning it can be exploited remotely over the internet. The CVSS 4.0 base score is 5.3, reflecting a medium severity due to the moderate impact on confidentiality, integrity, and availability, combined with ease of exploitation. The vulnerability could lead to data loss, disruption of project management workflows, and potential exposure of sensitive project files if attackers delete critical files. The issue is resolved in ZenTao version 21.7.7, which implements proper privilege checks to prevent unauthorized file deletions. No public exploits or active exploitation in the wild have been reported, but the vulnerability's nature makes it a potential target for attackers aiming to disrupt organizational operations or sabotage project data integrity.
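The bug class described above is a delete-by-identifier handler that trusts the fileID without checking whether the caller may act on the file it names. The following added example (constructed for this analysis, not ZenTao's own code; the record fields, store layout and privilege model are assumptions) places such a handler beside a hardened version that resolves the fileID to its record and requires admin rights, ownership, or edit rights on the owning object before deleting.

```python
from dataclasses import dataclass

@dataclass
class FileRecord:
    file_id: int
    owner: str          # user who uploaded the file
    object_type: str    # assumed owning object kind, e.g. "task" or "bug"
    object_id: int

@dataclass
class User:
    name: str
    is_admin: bool = False
    # (object_type, object_id) pairs the user may edit; assumed privilege model
    object_access: frozenset = frozenset()

# Constructed sample store: two files owned by different users
FILES = {
    101: FileRecord(101, "alice", "task", 7),
    102: FileRecord(102, "bob", "bug", 3),
}

def delete_vulnerable(files, user, file_id):
    """Checks only that the record exists. Any authenticated caller can
    delete any fileID they can guess: the object-level check is missing."""
    rec = files.get(file_id)
    if rec is None:
        return "not found"
    del files[file_id]
    return "deleted"

def delete_hardened(files, user, file_id):
    """Resolves the fileID to its record, then requires that the caller is an
    admin, owns the file, or has edit rights on the object it belongs to."""
    rec = files.get(file_id)
    if rec is None:
        return "not found"
    authorized = (
        user.is_admin
        or rec.owner == user.name
        or (rec.object_type, rec.object_id) in user.object_access
    )
    if not authorized:
        return "forbidden"
    del files[file_id]
    return "deleted"
```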
Potential Impact
For European organizations, the impact of CVE-2025-13787 can be significant, especially for those relying on ZenTao for software development lifecycle management, project tracking, and documentation. Unauthorized file deletion can result in loss of critical project data, delays in development timelines, and potential exposure of sensitive information if backup or recovery mechanisms are inadequate. This can disrupt business operations, cause financial losses, and damage reputations. Organizations in sectors such as technology, finance, and government that use ZenTao may face increased risk of operational disruption. Additionally, the remote exploitability without user interaction increases the threat surface, making it easier for attackers to target vulnerable systems across Europe. The lack of known exploits in the wild currently reduces immediate risk, but the vulnerability remains a medium-term threat until patched.
Mitigation Recommendations
European organizations should immediately upgrade all ZenTao installations to version 21.7.7 or later to remediate this vulnerability. Beyond patching, organizations should implement strict network segmentation and firewall rules to limit access to ZenTao management interfaces to trusted IP addresses only. Employing strong authentication and access control policies can reduce the risk of low-privilege account compromise, which is necessary for exploitation. Regularly audit user permissions within ZenTao to ensure the principle of least privilege is enforced. Implement comprehensive backup and recovery procedures for project files to mitigate the impact of any unauthorized deletions. Monitoring and logging access to the file deletion function can help detect suspicious activities early. Finally, organizations should stay informed about any emerging exploits or related vulnerabilities in ZenTao to respond promptly.
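To act on the logging recommendation above, the delete calls need to be reviewed for the pattern this flaw invites: one account deleting a run of consecutive fileIDs in a short window. The following added example (written for this analysis, not a ZenTao feature; the audit-log line format is a constructed assumption) parses such log lines and flags users who delete three or more files with increasing fileIDs inside sixty seconds.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed audit-log shape: timestamp, user, called method, fileID, outcome
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) call=file\.delete "
    r"fileID=(?P<fid>\d+) result=(?P<res>\w+)$"
)

# Constructed sample log: one normal deletion each by alice and bob,
# and a burst of consecutive fileIDs from mallory
SAMPLE_LOG = """\
2025-12-01T09:00:01Z user=alice call=file.delete fileID=101 result=ok
2025-12-01T09:00:05Z user=mallory call=file.delete fileID=200 result=ok
2025-12-01T09:00:06Z user=mallory call=file.delete fileID=201 result=ok
2025-12-01T09:00:07Z user=mallory call=file.delete fileID=202 result=ok
2025-12-01T09:00:08Z user=mallory call=file.delete fileID=203 result=ok
2025-12-01T09:30:00Z user=bob call=file.delete fileID=55 result=ok
"""

def parse(log_text):
    """Yield (timestamp, user, fileID) for each well-formed delete line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            yield ts, m["user"], int(m["fid"])

def flag_enumeration(log_text, window_s=60, min_deletes=3):
    """Return {user: [fileIDs]} for users whose deletions form a run of
    min_deletes or more strictly increasing fileIDs within window_s seconds."""
    by_user = defaultdict(list)
    for ts, user, fid in parse(log_text):
        by_user[user].append((ts, fid))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        for i in range(len(events)):
            j = i
            while (j + 1 < len(events)
                   and (events[j + 1][0] - events[i][0]).total_seconds() <= window_s
                   and events[j + 1][1] > events[j][1]):
                j += 1
            if j - i + 1 >= min_deletes:
                flagged[user] = [fid for _, fid in events[i:j + 1]]
                break
    return flagged
```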
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-29T20:21:18.012Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692c1e20395d5becff8a1cce
Added to database: 11/30/2025, 10:36:16 AM
Last enriched: 11/30/2025, 10:36:36 AM
Last updated: 12/4/2025, 4:40:39 PM