CVE-2025-13651

Published: Feb 11, 2026Modified: Mar 26, 2026

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ffb98d57-deaa-4918-a669-5225ccc13e39 (Secondary)

Description

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.

Affected (1)

Products: Microcom360: Zeusweb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microcom360 Zeusweb	From 6.1.31

Related CWEs

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (4)

https://www.hackrtu.com/blog/CNA-CVE-2025-13651/

Source: ffb98d57-deaa-4918-a669-5225ccc13e39

Third Party Advisory

https://www.hackrtu.com/blog/CNA-HRTU-0001/

Source: ffb98d57-deaa-4918-a669-5225ccc13e39

Third Party Advisory

https://www.microcom360.com/servicio-zeus-web/

Source: ffb98d57-deaa-4918-a669-5225ccc13e39

Product

https://zeus.microcom.es:4040/

Source: ffb98d57-deaa-4918-a669-5225ccc13e39

Permissions Required

Timeline

No history available yet.