CVE-2025-5105: TOZED ZLT W51 Service Port 7777 heap inspection
Description
A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in TOZED ZLT W51 bis 1.4.2 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Service Port 7777. Durch die Manipulation mit unbekannten Daten kann eine improper clearing of heap memory before release-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-5105
CVSS Base Severity: HIGH
CVSS Base Score: 7.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Problem Types
Improper Clearing of Heap Memory Before ReleaseAffected Products
Vendor: TOZED
Product: ZLT W51
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 17.25% (scored less or equal to compared to others)
EPSS Date: 2025-06-09 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5105https://vuldb.com/?id.310082
https://vuldb.com/?ctiid.310082
https://vuldb.com/?submit.568495
https://github.com/Zephkek/LeakyTozed
https://github.com/Zephkek/LeakyTozed#41-proof-of-concept