CVE-2025-15082: Information Disclosure in TOZED ZLT M30s
A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-15082 is an information disclosure vulnerability identified in the TOZED ZLT M30s series of devices, affecting all firmware versions up to 1.47. The vulnerability resides in the Web Management Interface, specifically within the /reqproc/proc_post component. An attacker can remotely manipulate the 'goformId' parameter in HTTP POST requests to trigger unintended information disclosure. This flaw does not require any authentication or user interaction, making it remotely exploitable over the network. The disclosed information could include sensitive device configuration details or operational data, which could be leveraged to facilitate further attacks such as device takeover or network infiltration. The vendor was contacted early but has not issued any patch or mitigation guidance, increasing the risk of exploitation. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low confidentiality impact (VC:L), with no impact on integrity or availability. Although no known exploits are currently observed in the wild, the public availability of exploit code increases the likelihood of future attacks. The vulnerability affects a wide range of firmware versions, indicating a long-standing issue potentially present in many deployed devices.
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive information from TOZED ZLT M30s devices. Such information could include network configurations, credentials, or other operational data that attackers could use to escalate privileges, move laterally within networks, or conduct targeted attacks. Critical infrastructure sectors relying on these devices for network management or security could face increased exposure to cyber espionage or sabotage. The lack of vendor response and patch availability exacerbates the risk, as organizations must rely on compensating controls. The exploitability without authentication and user interaction means attackers can scan and target vulnerable devices remotely, potentially leading to widespread reconnaissance and data leakage. This could undermine confidentiality and trust in network operations, especially in regulated industries with strict data protection requirements such as finance, healthcare, and government. The medium severity rating reflects the limited scope of impact to confidentiality but highlights the ease of exploitation and potential for information gathering that could lead to more severe attacks.
Mitigation Recommendations
Given the absence of vendor patches, European organizations should implement the following specific mitigations:
1) Immediately inventory and identify all TOZED ZLT M30s devices in their environment and verify firmware versions.
2) Restrict network access to the Web Management Interface by implementing strict firewall rules, allowing management access only from trusted internal IP addresses or VPNs.
3) Employ network segmentation to isolate these devices from critical network segments and sensitive data repositories.
4) Monitor network traffic for unusual POST requests targeting the /reqproc/proc_post endpoint, especially those manipulating the 'goformId' parameter, using IDS/IPS or SIEM solutions.
5) Disable or limit remote management interfaces if not strictly necessary.
6) Consider deploying web application firewalls (WAFs) with custom rules to detect and block exploitation attempts.
7) Regularly review device logs for signs of unauthorized access or information leakage.
8) Engage with TOZED or third-party security vendors for potential unofficial patches or workarounds.
9) Plan for device replacement or upgrade to models without this vulnerability if no vendor fix is forthcoming.
10) Educate IT staff about this vulnerability and the importance of rapid incident response in case of exploitation.
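Mitigation steps 2 and 4 above can be combined into a simple log check. The following is an added example, not code from the advisory or from TOZED: it scans constructed access-log lines for POST requests to /reqproc/proc_post that carry a goformId parameter from a source outside an assumed management allow-list. The log format, the trusted networks and the goformId values are all assumptions for illustration.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs

# Networks allowed to reach the Web Management Interface (assumed values; use the
# allow-list you enforce at the firewall in mitigation step 2).
TRUSTED_MGMT_NETS = [ip_network("10.0.5.0/24"), ip_network("192.168.100.0/24")]

# Assumed log shape: combined log format with the POST body appended as a final quoted
# field. Real proxy or WAF logs will differ; only this regex needs adjusting.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<body>[^"]*)"$'
)

# Constructed sample lines; the goformId values are placeholders, not real form names.
SAMPLE_LOG = """\
198.51.100.23 - - [25/Dec/2025:17:07:49 +0000] "POST /reqproc/proc_post HTTP/1.1" 200 512 "goformId=EXAMPLE_FORM_A"
10.0.5.4 - - [25/Dec/2025:17:08:01 +0000] "POST /reqproc/proc_post HTTP/1.1" 200 128 "goformId=EXAMPLE_FORM_B"
203.0.113.9 - - [25/Dec/2025:17:08:10 +0000] "GET /index.html HTTP/1.1" 200 2048 "-"
203.0.113.9 - - [25/Dec/2025:17:08:12 +0000] "POST /reqproc/proc_post HTTP/1.1" 200 900 "goformId=EXAMPLE_FORM_C&isTest=false"
"""


def is_trusted(src: str) -> bool:
    """True when the source address lies inside an allowed management network."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # unparsable source field is never trusted
    return any(addr in net for net in TRUSTED_MGMT_NETS)


def find_suspicious_requests(log_text: str) -> list:
    """One alert per POST to /reqproc/proc_post with goformId from an untrusted source."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        if m["method"] != "POST" or m["path"].split("?")[0] != "/reqproc/proc_post":
            continue
        params = parse_qs(m["body"], keep_blank_values=True)
        if "goformId" not in params or is_trusted(m["src"]):
            continue
        alerts.append({"src": m["src"], "ts": m["ts"],
                       "goformId": params["goformId"][0], "status": int(m["status"])})
    return alerts
```

Feed the function real access-log text from the reverse proxy or WAF in front of the device and forward each returned alert to the SIEM; a successful (status 200) hit from an untrusted source is the case worth escalating.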
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-25T09:36:35.253Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 694d6f65f4aff2fc0818851c
Added to database: 12/25/2025, 5:07:49 PM
Last enriched: 12/25/2025, 5:08:08 PM
Last updated: 12/25/2025, 8:00:32 PM