A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2CWE-1191
TOZED ZLT M30s UART on-chip debug and test interface with improper access control
Problem type
Affected products
TOZED
ZLT M30s
1.0 - AFFECTED
1.1 - AFFECTED
1.2 - AFFECTED
1.3 - AFFECTED
1.4 - AFFECTED
1.5 - AFFECTED
1.6 - AFFECTED
1.7 - AFFECTED
1.8 - AFFECTED
1.9 - AFFECTED
1.10 - AFFECTED
1.11 - AFFECTED
1.12 - AFFECTED
1.13 - AFFECTED
1.14 - AFFECTED
1.15 - AFFECTED
1.16 - AFFECTED
1.17 - AFFECTED
1.18 - AFFECTED
1.19 - AFFECTED
1.20 - AFFECTED
1.21 - AFFECTED
1.22 - AFFECTED
1.23 - AFFECTED
1.24 - AFFECTED
1.25 - AFFECTED
1.26 - AFFECTED
1.27 - AFFECTED
1.28 - AFFECTED
1.29 - AFFECTED
1.30 - AFFECTED
1.31 - AFFECTED
1.32 - AFFECTED
1.33 - AFFECTED
1.34 - AFFECTED
1.35 - AFFECTED
1.36 - AFFECTED
1.37 - AFFECTED
1.38 - AFFECTED
1.39 - AFFECTED
1.40 - AFFECTED
1.41 - AFFECTED
1.42 - AFFECTED
1.43 - AFFECTED
1.44 - AFFECTED
1.45 - AFFECTED
1.46 - AFFECTED
1.47 - AFFECTED
References
VDB-338411 | TOZED ZLT M30s UART on-chip debug and test interface with improper access control
https://vuldb.com/?id.338411
VDB-338411 | CTI Indicators (IOB, IOC)
https://vuldb.com/?ctiid.338411
Submit #707974 | TOZED ZLT M30s 1.47 Improper Access Control in Debug Interface
https://vuldb.com/?submit.707974
hacklab.eu.org
https://hacklab.eu.org/blogs/zlt_m30s_debug_interface
GitHub Security Advisories
GHSA-4rqq-pph2-52g5
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown...
https://github.com/advisories/GHSA-4rqq-pph2-52g5A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2025-15083
hacklab.eu.org
https://hacklab.eu.org/blogs/zlt_m30s_debug_interface
vuldb.com
https://vuldb.com/?ctiid.338411
vuldb.com
https://vuldb.com/?id.338411
vuldb.com
https://vuldb.com/?submit.707974
github.com
https://github.com/advisories/GHSA-4rqq-pph2-52g5
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-15083Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-15083",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-12-25T17:32:06.260Z",
"dateReserved": "2025-12-25T09:36:38.360Z",
"datePublished": "2025-12-25T17:32:06.260Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-12-25T17:32:06.260Z"
},
"title": "TOZED ZLT M30s UART on-chip debug and test interface with improper access control",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "TOZED",
"product": "ZLT M30s",
"modules": [
"UART Interface"
],
"versions": [
{
"version": "1.0",
"status": "affected"
},
{
"version": "1.1",
"status": "affected"
},
{
"version": "1.2",
"status": "affected"
},
{
"version": "1.3",
"status": "affected"
},
{
"version": "1.4",
"status": "affected"
},
{
"version": "1.5",
"status": "affected"
},
{
"version": "1.6",
"status": "affected"
},
{
"version": "1.7",
"status": "affected"
},
{
"version": "1.8",
"status": "affected"
},
{
"version": "1.9",
"status": "affected"
},
{
"version": "1.10",
"status": "affected"
},
{
"version": "1.11",
"status": "affected"
},
{
"version": "1.12",
"status": "affected"
},
{
"version": "1.13",
"status": "affected"
},
{
"version": "1.14",
"status": "affected"
},
{
"version": "1.15",
"status": "affected"
},
{
"version": "1.16",
"status": "affected"
},
{
"version": "1.17",
"status": "affected"
},
{
"version": "1.18",
"status": "affected"
},
{
"version": "1.19",
"status": "affected"
},
{
"version": "1.20",
"status": "affected"
},
{
"version": "1.21",
"status": "affected"
},
{
"version": "1.22",
"status": "affected"
},
{
"version": "1.23",
"status": "affected"
},
{
"version": "1.24",
"status": "affected"
},
{
"version": "1.25",
"status": "affected"
},
{
"version": "1.26",
"status": "affected"
},
{
"version": "1.27",
"status": "affected"
},
{
"version": "1.28",
"status": "affected"
},
{
"version": "1.29",
"status": "affected"
},
{
"version": "1.30",
"status": "affected"
},
{
"version": "1.31",
"status": "affected"
},
{
"version": "1.32",
"status": "affected"
},
{
"version": "1.33",
"status": "affected"
},
{
"version": "1.34",
"status": "affected"
},
{
"version": "1.35",
"status": "affected"
},
{
"version": "1.36",
"status": "affected"
},
{
"version": "1.37",
"status": "affected"
},
{
"version": "1.38",
"status": "affected"
},
{
"version": "1.39",
"status": "affected"
},
{
"version": "1.40",
"status": "affected"
},
{
"version": "1.41",
"status": "affected"
},
{
"version": "1.42",
"status": "affected"
},
{
"version": "1.43",
"status": "affected"
},
{
"version": "1.44",
"status": "affected"
},
{
"version": "1.45",
"status": "affected"
},
{
"version": "1.46",
"status": "affected"
},
{
"version": "1.47",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "On-Chip Debug and Test Interface With Improper Access Control",
"cweId": "CWE-1191",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.338411",
"name": "VDB-338411 | TOZED ZLT M30s UART on-chip debug and test interface with improper access control",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/?ctiid.338411",
"name": "VDB-338411 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.707974",
"name": "Submit #707974 | TOZED ZLT M30s 1.47 Improper Access Control in Debug Interface",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://hacklab.eu.org/blogs/zlt_m30s_debug_interface",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 2,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 2,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 1.2
}
}
],
"timeline": [
{
"time": "2025-12-25T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-12-25T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-12-25T10:42:28.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "S33K3R (VulDB User)",
"type": "reporter"
}
]
}
}
}