CVE-2025-10014

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been published and may be used. It is required to know the RSA-encrypted password of the attacked user account.

Published: Sep 5, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-10014
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

CWEs:

CWE-266
CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
eladmin / eladmin	-	2.7.x

https://vuldb.com/?ctiid.322739
https://vuldb.com/?id.322739
https://vuldb.com/?submit.643840
https://www.cnblogs.com/aibot/p/19063332

Vulnerability Database

CVE-2025-10014

Deep Security Visibility Without the Complexity