Arbitrary Password Reset Vulnerability in eladmin Product by Elunez
CVE-2025-70997

8.1HIGH

Key Information:

Vendor: Elunez
Status: eladmin
Vendor: CVE Published:; 4 February 2026

What is CVE-2025-70997?

A security flaw has been identified in the eladmin application, specifically in versions 2.7 and prior. This vulnerability enables an attacker to reset user passwords without proper authorization, regardless of the user's permission level. Such an exploit can lead to unauthorized access to sensitive information and compromise user accounts. Organizations using eladmin are urged to assess their exposure and apply necessary updates to mitigate the risk.

References

https://github.com/elunez/eladmin

https://github.com/fofo137/CVE/issues/1

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70997 Data

JSON