PatchSiren cyber security CVE debrief
CVE-2026-25084 ZLAN Information Technology Co. CVE debrief
CVE-2026-25084 is a critical authentication-bypass issue affecting ZLAN Information Technology Co. ZLAN5143D devices. According to the CISA CSAF advisory, authentication can be bypassed by directly accessing internal URLs, which can allow an unauthenticated attacker to reach functionality that should be protected.
- Vendor
- ZLAN Information Technology Co.
- Product
- ZLAN5143D
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-10
- Original CVE updated
- 2026-02-10
- Advisory published
- 2026-02-10
- Advisory updated
- 2026-02-10
Who should care
Organizations that deploy or administer ZLAN5143D devices, especially teams responsible for device administration, network segmentation, and monitoring of externally or internally reachable management interfaces.
Technical summary
The advisory describes an authentication bypass caused by direct access to internal URLs. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a network-reachable issue with no privileges or user interaction required and the potential for high confidentiality, integrity, and availability impact. The advisory also maps the weakness to CWE-306 (Missing Authentication for Critical Function).
Defensive priority
Immediate. Treat as a high-risk exposure on any reachable ZLAN5143D deployment until vendor guidance or a fix is available.
Recommended defensive actions
- Inventory all ZLAN5143D devices and determine whether any management or internal URLs are reachable from untrusted networks.
- Restrict access to device administration interfaces with network segmentation, allowlisting, VPN-only access, or equivalent controls.
- Monitor authentication and access logs for unusual direct access to internal URLs or unexpected administrative activity.
- Contact ZLAN Information Technology Co. for update and remediation guidance using the vendor contact path cited in the advisory.
- Apply vendor updates as soon as they are available and verify that the authentication bypass is no longer reachable.
- Review adjacent systems and operational procedures for any reliance on the affected device's trust boundary assumptions.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-041-02 and its embedded metadata for CVE-2026-25084. The source corpus explicitly states that authentication can be bypassed by directly accessing internal URLs, includes the CVSS 3.1 vector, identifies CWE-306, and notes that ZLAN Information Technology Co. did not respond to CISA's coordination attempts. Publication date used here is the supplied CVE/advisory publication date of 2026-02-10.
Official resources
-
CVE-2026-25084 CVE record
CVE.org
-
CVE-2026-25084 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-26-041-02 and the corresponding CSAF record on 2026-02-10. The source material states that ZLAN Information Technology Co. did not respond to CISA's coordination attempts. No exploit code or weaponized details [