CVE-2025-3250

MEDIUM

elunez eladmin 2.7 - Deserialization

Title source: llm

Description

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.303320

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.303320

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.546132

[Permissions Required] https://www.yuque.com/u520611/giuhru/vfvchim8sphv2y1g?singleDoc

Scores

CVSS v3 4.3

EPSS 0.0021

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (1)

eladmin/eladmin

Timeline

Published Apr 04, 2025

Tracked Since Feb 18, 2026