A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 12 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Eladmin
Eladmin eladmin
Weaknesses CWE-798
CPEs cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*
Vendors & Products Eladmin
Eladmin eladmin

Tue, 05 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 Aug 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Elunez
Elunez eladmin
Vendors & Products Elunez
Elunez eladmin

Mon, 04 Aug 2025 23:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title elunez eladmin Druid application-prod.yml default credentials
Weaknesses CWE-1392
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-05T15:26:51.524Z

Reserved: 2025-08-04T07:11:32.013Z

Link: CVE-2025-8530

cve-icon Vulnrichment

Updated: 2025-08-05T15:26:40.963Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-04T23:15:28.770

Modified: 2025-09-12T16:09:34.907

Link: CVE-2025-8530

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-05T07:25:37Z