CVE-2026-25084
Published: 11 February 2026
Description
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Mitigating Controls (NIST 800-53 r5)AI
Directly prohibits permitted actions without identification or authentication for critical functions like internal URLs, addressing the core CWE-306 missing authentication issue.
Enforces approved authorizations for logical access, preventing attackers from bypassing authentication via direct access to internal URLs.
Requires unique identification and authentication of system services exposed via internal URLs, mitigating unauthenticated remote access exploits.
Security SummaryAI
CVE-2026-25084 is a critical authentication bypass vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the ZLAN5143D device. Published on 2026-02-11, it stems from CWE-306 (Missing Authentication for Critical Function), allowing attackers to circumvent authentication by directly accessing internal URLs.
Remote, unauthenticated attackers with network access to the device can exploit this vulnerability with low complexity and no user interaction. Successful exploitation grants high-impact access, enabling confidentiality breaches, integrity modifications, and availability disruptions on the affected ZLAN5143D component.
CISA has issued ICS Advisory ICSA-26-041-02 detailing the issue, available at cisa.gov and in CSAF format on GitHub. Additional guidance may be obtained via the manufacturer's contact page at zlmcu.com/en/contact_us.htm.
Details
- CWE(s)
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2026-25084 enables remote authentication bypass via direct access to internal URLs on a network-accessible device, directly facilitating exploitation of public-facing applications.