CVE-2025-9240

Published: Aug 20, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Affected (1)

Products: Eladmin: Eladmin

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eladmin Eladmin	Up to 2.7

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://github.com/elunez/eladmin/issues/885

Source: cna@vuldb.com

ExploitIssue TrackingVendor Advisory

https://github.com/elunez/eladmin/issues/885#issue-3307153708

Source: cna@vuldb.com

ExploitIssue TrackingVendor Advisory

https://vuldb.com/?ctiid.320773

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.320773

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.631424

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.