CVE-2025-64074: n/a
CVE-2025-64074 is a path traversal vulnerability found in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 device firmware version 23. 09. 27. This flaw allows remote attackers to delete arbitrary files on the host system by sending a specially crafted session cookie value. Exploitation does not require user interaction but does require the attacker to be able to send requests with manipulated cookies, likely implying some level of access to the device's web interface. No public exploits or patches are currently known. The vulnerability poses a significant risk to device availability and integrity, potentially leading to denial of service or further compromise. European organizations using this device or similar Shenzhen Zhibotong products should prioritize mitigation. Countries with higher adoption of this vendor’s network equipment, or with critical infrastructure relying on such devices, are at greater risk. Due to the ability to delete arbitrary files remotely without authentication barriers explicitly stated, the suggested severity is high.
AI Analysis
Technical Summary
CVE-2025-64074 is a security vulnerability identified in the logout functionality of the Shenzhen Zhibotong Electronics ZBT WE2001 device running firmware version 23.09.27. The vulnerability is a path traversal flaw that allows an attacker to manipulate the session cookie value to traverse the file system and delete arbitrary files on the host device. This type of vulnerability arises when user-supplied input is not properly sanitized, enabling directory traversal sequences (e.g., '../') to access files outside the intended directory scope. The logout function, which typically terminates user sessions, is improperly validating or sanitizing the session cookie, allowing an attacker to craft a malicious cookie that triggers file deletion. The attack vector is remote, requiring the attacker to send HTTP requests with the crafted cookie to the device’s web interface. There is no indication that authentication or user interaction is required, which increases the risk profile. The impact of arbitrary file deletion includes potential disruption of device operations, loss of configuration files, or deletion of critical system files, leading to denial of service or facilitating further exploitation. No CVSS score has been assigned, and no patches or known exploits are currently available. The vulnerability was reserved in October 2025 and published in February 2026, indicating recent discovery. Shenzhen Zhibotong Electronics is a manufacturer of network devices, and the ZBT WE2001 is likely deployed in enterprise or industrial environments. The lack of patches necessitates immediate defensive measures to mitigate exploitation risk.
Potential Impact
For European organizations, the impact of CVE-2025-64074 can be significant, especially for those relying on Shenzhen Zhibotong ZBT WE2001 devices in their network infrastructure. Successful exploitation allows attackers to delete arbitrary files remotely, potentially causing device malfunction, loss of configuration, or complete denial of service. This can disrupt business operations, affect network availability, and compromise the integrity of network management systems. Critical sectors such as telecommunications, manufacturing, and utilities that use these devices for network connectivity or industrial control may face operational outages or safety risks. Additionally, deletion of log files or security configurations could hinder incident response and forensic investigations. The absence of authentication requirements or user interaction lowers the barrier for attackers, increasing the likelihood of exploitation if devices are exposed to untrusted networks. European organizations with inadequate network segmentation or exposed management interfaces are particularly vulnerable. The threat also extends to supply chain security, as compromised devices could be used as pivot points for broader network intrusions.
Mitigation Recommendations
1. Immediately isolate Shenzhen Zhibotong ZBT WE2001 devices from untrusted networks and restrict access to their management interfaces using network segmentation and firewall rules. 2. Implement strict access controls and monitor all logout requests for anomalous session cookie values indicative of exploitation attempts. 3. Engage with Shenzhen Zhibotong Electronics to obtain firmware updates or patches addressing this vulnerability; if unavailable, request vendor guidance or consider device replacement. 4. Employ intrusion detection systems (IDS) or web application firewalls (WAF) capable of detecting and blocking path traversal patterns in HTTP requests, particularly those targeting logout endpoints. 5. Regularly back up device configurations and critical files to enable rapid recovery in case of file deletion. 6. Conduct security audits and vulnerability assessments on all network devices to identify similar weaknesses. 7. Educate network administrators about this vulnerability and the importance of monitoring device logs and network traffic for suspicious activity. 8. Limit administrative access to devices to trusted personnel and use VPNs or secure tunnels for remote management to reduce exposure. 9. Consider deploying endpoint detection and response (EDR) solutions that can detect unusual file system changes on network devices if supported.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
CVE-2025-64074: n/a
Description
CVE-2025-64074 is a path traversal vulnerability found in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 device firmware version 23. 09. 27. This flaw allows remote attackers to delete arbitrary files on the host system by sending a specially crafted session cookie value. Exploitation does not require user interaction but does require the attacker to be able to send requests with manipulated cookies, likely implying some level of access to the device's web interface. No public exploits or patches are currently known. The vulnerability poses a significant risk to device availability and integrity, potentially leading to denial of service or further compromise. European organizations using this device or similar Shenzhen Zhibotong products should prioritize mitigation. Countries with higher adoption of this vendor’s network equipment, or with critical infrastructure relying on such devices, are at greater risk. Due to the ability to delete arbitrary files remotely without authentication barriers explicitly stated, the suggested severity is high.
AI-Powered Analysis
Technical Analysis
CVE-2025-64074 is a security vulnerability identified in the logout functionality of the Shenzhen Zhibotong Electronics ZBT WE2001 device running firmware version 23.09.27. The vulnerability is a path traversal flaw that allows an attacker to manipulate the session cookie value to traverse the file system and delete arbitrary files on the host device. This type of vulnerability arises when user-supplied input is not properly sanitized, enabling directory traversal sequences (e.g., '../') to access files outside the intended directory scope. The logout function, which typically terminates user sessions, is improperly validating or sanitizing the session cookie, allowing an attacker to craft a malicious cookie that triggers file deletion. The attack vector is remote, requiring the attacker to send HTTP requests with the crafted cookie to the device’s web interface. There is no indication that authentication or user interaction is required, which increases the risk profile. The impact of arbitrary file deletion includes potential disruption of device operations, loss of configuration files, or deletion of critical system files, leading to denial of service or facilitating further exploitation. No CVSS score has been assigned, and no patches or known exploits are currently available. The vulnerability was reserved in October 2025 and published in February 2026, indicating recent discovery. Shenzhen Zhibotong Electronics is a manufacturer of network devices, and the ZBT WE2001 is likely deployed in enterprise or industrial environments. The lack of patches necessitates immediate defensive measures to mitigate exploitation risk.
Potential Impact
For European organizations, the impact of CVE-2025-64074 can be significant, especially for those relying on Shenzhen Zhibotong ZBT WE2001 devices in their network infrastructure. Successful exploitation allows attackers to delete arbitrary files remotely, potentially causing device malfunction, loss of configuration, or complete denial of service. This can disrupt business operations, affect network availability, and compromise the integrity of network management systems. Critical sectors such as telecommunications, manufacturing, and utilities that use these devices for network connectivity or industrial control may face operational outages or safety risks. Additionally, deletion of log files or security configurations could hinder incident response and forensic investigations. The absence of authentication requirements or user interaction lowers the barrier for attackers, increasing the likelihood of exploitation if devices are exposed to untrusted networks. European organizations with inadequate network segmentation or exposed management interfaces are particularly vulnerable. The threat also extends to supply chain security, as compromised devices could be used as pivot points for broader network intrusions.
Mitigation Recommendations
1. Immediately isolate Shenzhen Zhibotong ZBT WE2001 devices from untrusted networks and restrict access to their management interfaces using network segmentation and firewall rules. 2. Implement strict access controls and monitor all logout requests for anomalous session cookie values indicative of exploitation attempts. 3. Engage with Shenzhen Zhibotong Electronics to obtain firmware updates or patches addressing this vulnerability; if unavailable, request vendor guidance or consider device replacement. 4. Employ intrusion detection systems (IDS) or web application firewalls (WAF) capable of detecting and blocking path traversal patterns in HTTP requests, particularly those targeting logout endpoints. 5. Regularly back up device configurations and critical files to enable rapid recovery in case of file deletion. 6. Conduct security audits and vulnerability assessments on all network devices to identify similar weaknesses. 7. Educate network administrators about this vulnerability and the importance of monitoring device logs and network traffic for suspicious activity. 8. Limit administrative access to devices to trusted personnel and use VPNs or secure tunnels for remote management to reduce exposure. 9. Consider deploying endpoint detection and response (EDR) solutions that can detect unusual file system changes on network devices if supported.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-10-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 698d0a3b4b57a58fa1d8b224
Added to database: 2/11/2026, 11:01:15 PM
Last enriched: 2/11/2026, 11:15:48 PM
Last updated: 2/12/2026, 1:44:04 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-1729: CWE-306 Missing Authentication for Critical Function in scriptsbundle AdForest
CriticalCVE-2026-20700: An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. in Apple macOS
CriticalCVE-2026-20682: An attacker may be able to discover a user’s deleted notes in Apple iOS and iPadOS
HighCVE-2026-20681: An app may be able to access information about a user's contacts in Apple macOS
MediumCVE-2026-20680: A sandboxed app may be able to access sensitive user data in Apple macOS
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.