Unauthorized Login Vulnerability in Vue Vben Admin by Vue
CVE-2025-25570

9.8CRITICAL

Key Information:

Vendor: Vue
Status: Vben Admin
Vendor: CVE Published:; 27 February 2025

What is CVE-2025-25570?

Vue Vben Admin version 2.10.1 is susceptible to unauthorized backend access caused by the presence of hardcoded credentials. This vulnerability allows attackers to gain entrance into the administrative interface without proper authentication, potentially leading to unauthorized actions within the system. It is crucial for users of this product to apply necessary security measures to mitigate this risk.

References

https://github.com/Hackerhan/Vben-Admin

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 7, 2025

CVE-2025-25570 Data

JSON