Cyber Resilience

CVE-2025-12917

LowPublic PoC

Published: 09 November 2025

Published
09 November 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0026 49.6th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12917 is a low-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Gztozed Zlt T10 Plus Firmware. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 49.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for…

more

this attack to succeed. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
T1529 System Shutdown/Reboot Impact
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
Why these techniques?

Unauthenticated POST to /reqproc/proc_post reboots the router, enabling application exploitation for endpoint DoS (T1499.004) and system reboot (T1529).

Affected Assets

gztozed
zlt t10 plus firmware
3.04.15

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.

References