Improper Authentication Vulnerability in JAdmin 1.0 Admin Backend by JAdmin-JAVA
CVE-2025-4494

6.9MEDIUM

Key Information:

Vendor

Jadmin-java

Status
Jadmin
Vendor
CVE Published:
9 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-4494?

An improper authentication vulnerability exists in the JAdmin 1.0 Admin Backend, specifically within the toLogin function in NoNeedLoginController.java. This flaw allows unauthorized users to gain access to the admin area without proper credentials, enabling potential remote exploitation. Publicly disclosed, it poses a significant risk to users of this software. Immediate action is advised to mitigate potential attacks.

Affected Version(s)

JAdmin 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-4494 - Proof of Concept

References

https://vuldb.com/?id.308208
vdb-entrytechnical-description
https://vuldb.com/?ctiid.308208
signaturepermissions-required
https://vuldb.com/?submit.566984
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

bi8bu (VulDB User)
.