Insufficient URL Validation in ZimaOS Operating System Affects Internal Services

CVE-2025-64427

What is CVE-2025-64427?

ZimaOS, an operating system designed for Zima devices and x86-64 systems, exhibits a vulnerability due to inadequate validation or restrictions concerning target URLs in versions 1.5.0 and earlier. An authenticated local user may exploit this flaw by crafting requests aimed at internal IP addresses, such as localhost or private network ranges, enabling unauthorized access to internal HTTP/HTTPS services. This creates a risk of interactions with services that should remain inaccessible publicly or to local users. Currently, there is no publicly available patch for this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References