CVE-2025-8530

Medium CVSS: 5.5

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Eladmin

Product

Eladmin

CWE

CWE-1392

Yayın Tarihi

2025-08-04 23:15:28

Güncelleme

2025-09-12 16:09:34

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-1392 Eladmin MEDIUM Eladmin 2025

Referanslar

https://github.com/elunez/eladmin/issues/883 https://github.com/elunez/eladmin/issues/883#issue-3252078139 https://vuldb.com/?ctiid.318656 https://vuldb.com/?id.318656 https://vuldb.com/?submit.622177 https://github.com/elunez/eladmin/issues/883 https://github.com/elunez/eladmin/issues/883#issue-3252078139

Benzer Kayıtlar

Medium

CVE-2025-70997

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password…

Medium

CVE-2025-10084

A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /a…

Low

CVE-2025-10014

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/upda…

Medium

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation caus…

Medium

CVE-2025-9240

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of…

Medium

CVE-2025-9239

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils…