CVE-2025-41366: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in ZIV IDF and ZLF

Medium
Tags: Vulnerability, CVE-2025-41366, cve, cwe-942
Published: Fri Jun 06 2025 (06/06/2025, 11:50:42 UTC)
Source: CVE Database V5
Vendor/Project: ZIV
Product: IDF and ZLF

Description

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.

AI-Powered Analysis

Last updated: 07/07/2025, 18:25:26 UTC

Technical Analysis

CVE-2025-41366 is a medium-severity vulnerability identified in ZIV's IDF and ZLF products, specifically versions 0.10.0-0C03-03 for IDF and 0.10.0-0C03-04 for ZLF. The vulnerability stems from a misconfiguration in the cross-origin resource sharing (CORS) policy, categorized under CWE-942 (Permissive Cross-domain Policy with Untrusted Domains). This misconfiguration allows cross-domain requests from untrusted origins, potentially enabling unauthorized interactions with the device's web interface. However, exploitation requires the attacker to be authenticated with elevated privileges, specifically permissions higher than the view-only level, and to execute certain privileged commands. The CVSS 4.0 vector indicates that the attack can be carried out remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N); it requires high privileges (PR:H), but no additional authentication beyond that is needed (AT:N). The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as it allows an authenticated privileged user to bypass intended domain restrictions, potentially leading to unauthorized command execution or data access across domains. There are no known exploits in the wild, and no patches have been published yet. The vulnerability is particularly relevant for environments where IDF and ZLF devices are used and where cross-domain interactions are part of the operational workflow.

Potential Impact

For European organizations deploying ZIV's IDF and ZLF products, this vulnerability could lead to unauthorized cross-domain interactions within their internal networks, potentially allowing attackers with elevated privileges to execute commands or access sensitive data beyond intended boundaries. This could compromise the confidentiality and integrity of critical systems, especially in sectors relying on these devices for operational technology or network infrastructure management. The requirement for high privilege authentication limits the risk from external attackers but raises concerns about insider threats or compromised privileged accounts. In regulated industries such as finance, healthcare, or critical infrastructure within Europe, exploitation could lead to compliance violations and operational disruptions. The vulnerability's medium severity suggests that while the immediate risk is contained, failure to address it could facilitate lateral movement or privilege escalation in complex attack scenarios.

Mitigation Recommendations

European organizations should implement strict access controls to ensure that only trusted personnel have elevated privileges on IDF and ZLF devices. Regularly audit user permissions to minimize the number of accounts with high-level access. Network segmentation should be employed to isolate these devices from less trusted network zones, reducing the risk of cross-domain exploitation. Organizations should monitor device logs for unusual cross-origin requests or command executions indicative of exploitation attempts. Until official patches are released, consider deploying web application firewalls (WAFs) or reverse proxies configured to restrict or validate CORS headers and origins. Additionally, enforce multi-factor authentication (MFA) for all privileged accounts to reduce the risk of credential compromise. Engage with ZIV support channels to obtain updates on patch availability and apply them promptly once released.
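As an added example that is not part of this advisory and not ZIV's code, the following Python shows the CWE-942 pattern described in the Technical Analysis (reflecting whatever Origin the browser sends, with credentials) beside the allowlist decision a reverse proxy or WAF could apply instead, and a pass over constructed access-log lines that flags cross-origin requests from origins outside the allowlist, as the monitoring recommendation above suggests. The allowlist, hostnames, API paths and log format are assumptions, not the product's.

```python
"""
Added example (not from the advisory or the vendor): permissive vs. allowlist
CORS decisions, plus a scan of constructed log lines for untrusted origins.
"""
from urllib.parse import urlsplit

# Constructed allowlist of origins permitted to call the device's web API.
TRUSTED_ORIGINS = frozenset({
    "https://ops.example.internal",
    "https://hmi.example.internal",
})


def cors_headers_permissive(origin):
    """The CWE-942 pattern: echo any Origin back and allow credentials.

    Any site a privileged user happens to visit can then issue credentialed
    cross-origin requests to the device and read the responses."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_allowlist(origin, trusted=TRUSTED_ORIGINS):
    """Return CORS response headers only for an exact-match trusted origin.

    Rejects the opaque "null" origin, plain-http downgrades, substring look-alikes
    such as https://ops.example.internal.attacker.test, and anything carrying a
    path, userinfo or query. Same-origin requests (no Origin header) get nothing."""
    if origin is None:
        return {}
    parts = urlsplit(origin)
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    if (parts.scheme != "https" or parts.path or parts.query
            or "@" in parts.netloc or normalized not in trusted):
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        # Responses differ per origin, so caches must key on Origin.
        "Vary": "Origin",
    }


# Constructed log lines: "method path status origin user"; "-" means no Origin header.
SAMPLE_LOG = """\
POST /api/relay/config 200 https://ops.example.internal admin
POST /api/relay/config 200 https://evil.example.test admin
GET /api/status 200 - viewer
POST /api/relay/reset 403 null operator
"""


def flag_untrusted_cross_origin(log_text, trusted=TRUSTED_ORIGINS):
    """Return one finding per request whose Origin is present but not trusted.

    A 2xx status with a privileged user is the combination worth paging on:
    it means the device honoured a cross-origin request from an unknown site."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash the scan
        method, path, status, origin, user = fields
        if origin == "-":
            continue  # same-origin or non-browser client
        if not cors_headers_allowlist(origin, trusted):
            findings.append({
                "method": method, "path": path, "status": status,
                "origin": origin, "user": user,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_untrusted_cross_origin(SAMPLE_LOG):
        print("untrusted cross-origin request:", finding)
```

The allowlist function deliberately returns no headers rather than a wildcard on rejection: a browser then blocks the cross-origin read, which is the safe default, and the request still shows up in the log scan so the attempt can be investigated.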

Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:06.079Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6842df081a426642debcb516

Added to database: 6/6/2025, 12:28:56 PM

Last enriched: 7/7/2025, 6:25:26 PM

Last updated: 8/15/2025, 10:07:47 AM
