5.2

CVE-2025-54983

Health check port on ZCC allows tunnel bypass

A health check port on Zscaler Client Connector on Windows, versions 4.6 <  4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerZscaler
Produkt Zscaler Client Connector
Default Statusunaffected
Version 4.6
Version < 4.6.0.216
Status affected
Version 4.7
Version < 4.7.0.47
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.015
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@zscaler.com 5.2 2 2.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025