elunez eladmin Druid application-prod.yml default credentials_CVE-2025-8530

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8530

Source VulDB

Published Aug 4, 2025 at 23:02

Modified Aug 5, 2025 at 15:26

Affected Product

Vendor elunez

Product eladmin

Version 2.0

Affected Versions elunez eladmin 2.0
elunez eladmin 2.1
elunez eladmin 2.2
elunez eladmin 2.3
elunez eladmin 2.4
elunez eladmin 2.5
elunez eladmin 2.6
elunez eladmin 2.7

CWE Classification

CWE-1392

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\\src\\main\\resources\\config\\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-04T23:02:06.927Z",
    "modified": "2025-08-05T15:26:51.524Z",
    "type": "cve",
    "title": "elunez eladmin Druid application-prod.yml default credentials",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.318656\nhttps://vuldb.com/?ctiid.318656\nhttps://vuldb.com/?submit.622177\nhttps://github.com/elunez/eladmin/issues/883\nhttps://github.com/elunez/eladmin/issues/883#issue-3252078139",
    "id": "CVE-2025-8530",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1392"
    ],
    "cvelist": null,
    "sourceData": "elunez eladmin 2.0\nelunez eladmin 2.1\nelunez eladmin 2.2\nelunez eladmin 2.3\nelunez eladmin 2.4\nelunez eladmin 2.5\nelunez eladmin 2.6\nelunez eladmin 2.7",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "eladmin",
    "version": "2.0",
    "vendor": "elunez",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}