CVE-2025-15131 is a command injection vulnerability identified in the ZSPACE Z4Pro+ device, version 1.0.0440024. The vulnerability resides in the HTTP POST request handler, specifically the zfilev2_api_SafeStatus function located at the endpoint /v2/file/safe/status. An attacker can craft malicious HTTP POST requests to inject arbitrary commands into the system, which the device executes with the privileges of the vulnerable service. This flaw does not require user interaction or elevated privileges, making it remotely exploitable over the network. The vulnerability affects the confidentiality, integrity, and availability of the device, as attackers can execute commands that may lead to data leakage, system compromise, or denial of service. The CVSS 4.0 vector indicates low attack complexity, no privileges required, and no user interaction, but with low impact on confidentiality, integrity, and availability individually, resulting in an overall medium severity score of 5.3. Although no known exploits are currently active in the wild, the public disclosure of exploit code increases the risk of exploitation. The vendor has been notified early, but no patch links are currently available. This vulnerability is critical for organizations relying on ZSPACE Z4Pro+ for augmented reality applications, training, or visualization, as it could lead to unauthorized control over the device and potentially the network it resides on.

For European organizations, the impact of CVE-2025-15131 can be significant, especially in industries such as manufacturing, healthcare, education, and defense where ZSPACE Z4Pro+ devices might be used for immersive training, simulation, or design. Successful exploitation could allow attackers to execute arbitrary commands remotely, potentially leading to unauthorized data access, manipulation of sensitive information, disruption of training or operational workflows, and lateral movement within the network. This could result in intellectual property theft, operational downtime, and reputational damage. Given the device’s role in interactive environments, availability disruption could also impair critical training or operational processes. The medium severity rating suggests a moderate but tangible risk that requires proactive mitigation to prevent escalation or chaining with other vulnerabilities.

1. Monitor vendor communications closely for official patches or firmware updates addressing CVE-2025-15131 and apply them promptly once available. 2. Restrict network access to the ZSPACE Z4Pro+ management interfaces by implementing network segmentation and firewall rules that limit HTTP POST requests to trusted sources only. 3. Employ intrusion detection/prevention systems (IDS/IPS) to monitor for anomalous HTTP POST requests targeting the /v2/file/safe/status endpoint. 4. Disable or restrict the vulnerable API endpoint if possible, or implement application-layer filtering to validate and sanitize inputs before processing. 5. Conduct regular security audits and penetration testing on devices to identify potential exploitation attempts. 6. Enforce strong authentication and access controls around device management to reduce the risk of unauthorized access. 7. Educate IT and security teams about this vulnerability to ensure rapid detection and response to suspicious activity related to ZSPACE devices.