5.2
CVE-2025-54983
- EPSS 0.11%
- Veröffentlicht 12.11.2025 03:07:39
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve@zscaler.com
- CVE-Watchlists
- Unerledigt
Health check port on ZCC allows tunnel bypass
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerZscaler
≫
Produkt
Zscaler Client Connector
Default Statusunaffected
Version
4.6
Version <
4.6.0.216
Status
affected
Version
4.7
Version <
4.7.0.47
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.015 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@zscaler.com | 5.2 | 2 | 2.7 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
|
CWE-772 Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025