CVE-2025-2855

MEDIUM

Eladmin < 2.7 - Insecure Deserialization

Title source: rule

Description

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.

Scores

CVSS v3 4.7
EPSS 0.0101
EPSS Percentile 76.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE CWE-502, CWE-20
Status published

Affected Products (1)

eladmin/eladmin < 2.7

Timeline

Published Mar 27, 2025
Tracked Since Feb 18, 2026