CVE-2025-64074 is a path traversal vulnerability identified in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 devices, specifically version 23.09.27. The flaw arises from improper validation of session cookie values, which attackers can manipulate to traverse the file system path and delete arbitrary files on the host device. This vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, increasing its risk profile. The vulnerability is classified under CWE-22, indicating a failure to properly sanitize user-supplied input used in file path operations. The CVSS v3.1 base score is 5.3 (medium severity), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, meaning it is network exploitable with low attack complexity, no privileges or user interaction needed, and impacts confidentiality only. No patches or fixes have been published yet, and no known exploits have been observed in the wild. The vulnerability could allow attackers to delete sensitive configuration or system files, potentially leading to information disclosure or indirect operational issues. However, it does not directly impact system integrity or availability. The affected product is a network device likely used in enterprise or industrial environments, making it a target for attackers seeking to compromise device confidentiality or disrupt operations through file deletion. The lack of authentication requirement and remote accessibility make this a notable threat that requires prompt mitigation.

The primary impact of CVE-2025-64074 is the unauthorized deletion of arbitrary files on affected Shenzhen Zhibotong Electronics ZBT WE2001 devices. This can lead to the loss of sensitive configuration files or system data, potentially exposing confidential information or causing misconfigurations. Although the vulnerability does not directly affect system integrity or availability, the deletion of critical files could indirectly disrupt device functionality or network operations. Organizations relying on these devices for network management or industrial control may face operational risks or data confidentiality breaches. Since exploitation requires no authentication and can be performed remotely, attackers can leverage this vulnerability to compromise devices without insider access. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability’s characteristics make it a plausible target for future attacks. The medium severity rating reflects moderate risk, but the potential for targeted attacks on critical infrastructure or enterprise networks elevates its importance. Overall, the threat could lead to information leakage, operational disruptions, and increased attack surface if exploited at scale.

To mitigate CVE-2025-64074 effectively, organizations should implement the following specific measures: 1) Restrict network access to the management interface of Shenzhen Zhibotong Electronics ZBT WE2001 devices using firewall rules or network segmentation to limit exposure to untrusted networks. 2) Monitor and validate session cookie handling on the device, applying input validation or sanitization to prevent path traversal exploitation. 3) Employ intrusion detection or prevention systems (IDS/IPS) with custom signatures to detect anomalous logout requests containing suspicious session cookie values. 4) Regularly audit device file systems and configurations for unauthorized changes or deletions. 5) Engage with the vendor for timely security patches or firmware updates addressing this vulnerability and apply them promptly once available. 6) Consider deploying endpoint detection and response (EDR) solutions on connected systems to identify lateral movement attempts stemming from compromised devices. 7) Educate network administrators about the vulnerability and enforce strict access controls and monitoring on affected devices. These targeted actions go beyond generic advice by focusing on access restriction, input validation, and proactive monitoring tailored to the vulnerability’s exploitation vector.