CVE-2025-8260

Low CVSS: 2.3

A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component MD4 Hash Handler. The manipulation of the argument xajaxargs leads to use of weak hash. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Vaelsys

Product

Vaelsys

CWE

CWE-327

Yayın Tarihi

2025-07-28 06:15:25

Güncelleme

2025-07-31 17:30:41

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-327 Vaelsys LOW Vaelsys 2025

Referanslar

https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Unauthorized_Access_Leads_to_Sensitive_Information_Leakage_in_Vaelsys_V4_Platform.md https://vuldb.com/?ctiid.317848 https://vuldb.com/?id.317848 https://vuldb.com/?submit.616922

Benzer Kayıtlar

Medium

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the…

Medium

CVE-2025-8261

A vulnerability was found in Vaelsys 4.1.0 and classified as critical. This issue affects some unknown processing of the…

Medium

CVE-2025-8259

A vulnerability, which was classified as critical, was found in Vaelsys 4.1.0. This affects the function execute_DataObj…