CVE-2025-8260

LOW

Vaelsys VaelsysV4 <= 5.1.0/5.4.0 - Use of Weak Hash via xajaxargs Parameter

Title source: llm
STIX 2.1

Description

A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 is able to mitigate this issue. Upgrading the affected component is recommended.

References (8)

Core 8
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-317848 | Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash
https://vuldb.com/vuln/317848
Signature, Permissions Required signature permissions-required
VDB-317848 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/317848/cti
Third Party Advisory third-party-advisory
Submit #616922 | Vaelsys Vaelsys V4 v4.1.0 Unauthorized Access Leads to Sensitive Information Leakage
https://vuldb.com/submit/616922
Permissions Required, VDB Entry
https://vuldb.com/?ctiid.317848
Third Party Advisory, VDB Entry
https://vuldb.com/?id.317848
Third Party Advisory, VDB Entry
https://vuldb.com/?submit.616922

Scores

CVSS v3 3.1
EPSS 0.0022
EPSS Percentile 12.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-327 CWE-328
Status published
Products (9)
vaelsys/vaelsys 4.1.0
Vaelsys/VaelsysV4 5.0
Vaelsys/VaelsysV4 5.1
Vaelsys/VaelsysV4 5.1.0
Vaelsys/VaelsysV4 5.1.1
Vaelsys/VaelsysV4 5.2
Vaelsys/VaelsysV4 5.3
Vaelsys/VaelsysV4 5.4.0
Vaelsys/VaelsysV4 5.4.1
Published Jul 28, 2025
Tracked Since Feb 18, 2026