Inadequate Encryption in Elunez Eladmin DES Key Handler
CVE-2025-9239

6.3MEDIUM

Key Information:

Vendor

Elunez

Status
Eladmin
Vendor
CVE Published:
20 August 2025

What is CVE-2025-9239?

A vulnerability exists in Elunez Eladmin versions up to 2.7, specifically within the DES Key Handler's EncryptUtils function. An attacker can exploit this weakness by manipulating the STR_PARAM argument, particularly when using the input 'Passw0rd', leading to insufficient encryption strength. This security flaw allows for potential remote attacks, although the complexity of executing such exploits remains high, making successful attacks challenging.

Affected Version(s)

eladmin 2.0

eladmin 2.1

eladmin 2.2

References

https://vuldb.com/?id.320772
vdb-entrytechnical-description
https://vuldb.com/?ctiid.320772
signaturepermissions-required
https://vuldb.com/?submit.631393
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ez-lbz (VulDB User)
.