Home / Vulnerability Intelligence / CVE-2025-66945

CVE-2025-66945 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 4, 2026

Zdir Pro - Path Traversal

Published: March 3, 2026Updated: March 4, 2026PoC AvailableRemote Exploitable

Overview

Zdir Pro 4.x contains a path traversal vulnerability caused by improper handling of crafted ZIP archives in the /api/extract endpoint, letting attackers overwrite arbitrary files and potentially execute code remotely, exploit requires crafted ZIP archive.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 11.9%(Probability of exploitation in next 30 days)

Impact

Attackers can overwrite arbitrary files and potentially execute code remotely, leading to full system compromise.

Mitigation

Update to the latest version with the vulnerability fixed.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 4, 2026

🔴 CVE-2025-66945 - Critical (9.1) A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66945/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-66945
Severity: Critical
CVSS Score: 9.1
Type: path_traversal
Status: confirmed
EPSS: 11.9%
Social Posts: 1

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

11.9%Probability of exploitation in the next 30 days