Improper Authorization Vulnerability in Juzaweb CMS by juzaweb
CVE-2025-6735

6.3MEDIUM

Key Information:

Vendor: juzaweb
Status: Juzaweb CMS
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-6735?

A security issue has been identified in Juzaweb CMS version 3.4.2, specifically affecting the Import Page within the administrative component. An unauthorized user can exploit this vulnerability by manipulating a certain function, leading to improper authorization. This flaw enables attackers to carry out remote exploitation, which has already come to public attention. Despite early notification, the vendor has yet to address or respond to the reported issue.

References

https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcm...

https://vuldb.com/?ctiid.314010

https://vuldb.com/?id.314010

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025