Deserialization Vulnerability in Elunez Eladmin by Elunez
CVE-2025-2855

5.1MEDIUM

Key Information:

Vendor

Elunez

Status
Eladmin
Vendor
CVE Published:
27 March 2025

What is CVE-2025-2855?

A deserialization vulnerability has been identified in the Elunez Eladmin product, affecting versions up to 2.7. This issue arises from the 'checkFile' function within the '/api/deploy/upload' endpoint. Malicious actors can exploit this vulnerability by manipulating the 'servers' argument, which could lead to unauthorized remote access and manipulation of system data.

Affected Version(s)

eladmin 2.0

eladmin 2.1

eladmin 2.2

References

https://vuldb.com/?id.301502
vdb-entrytechnical-description
https://vuldb.com/?ctiid.301502
signaturepermissions-required
https://vuldb.com/?submit.522504
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

s1mple_xy (VulDB User)
.