CVE-2025-8530

Summary

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
elunezeladmin2.0affected
elunezeladmin2.1affected
elunezeladmin2.2affected
elunezeladmin2.3affected
elunezeladmin2.4affected
elunezeladmin2.5affected
elunezeladmin2.6affected
elunezeladmin2.7affected

Weaknesses

  • CWE-1392: Use of Default Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References