CVE-2025-9240

Summary

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Affected Software

VendorProductVersion RangeStatus
elunezeladmin2.0affected
elunezeladmin2.1affected
elunezeladmin2.2affected
elunezeladmin2.3affected
elunezeladmin2.4affected
elunezeladmin2.5affected
elunezeladmin2.6affected
elunezeladmin2.7affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References