PT-2025-31877 · Elunez · Elunez Eladmin

Zast.Ai · Published 2025-08-04 · Updated 2025-09-12 · CVE-2025-8530

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

elunez eladmin versions up to 2.7

Description

A problematic issue has been identified in elunez eladmin. The vulnerability involves the use of default credentials due to the manipulation of the login-username and login-password arguments within the file eladmin-system/src/main/resources/config/application-prod.yml related to the Druid component. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations

Versions prior to 2.8: Address the issue by changing the default credentials for the Druid component.

Versions prior to 2.8: Review and secure the configuration file eladmin-system/src/main/resources/config/application-prod.yml to prevent the use of default credentials.

Versions prior to 2.8: Restrict access to the login-username and login-password arguments to prevent unauthorized manipulation.
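
One way to carry out the configuration review recommended above is a pre-deployment check that flags `login-username` and `login-password` entries whose values are committed in the file. This is an added example, not code from the eladmin project or this advisory; the `stat-view-servlet` nesting, the `DRUID_USER`/`DRUID_PWD` variable names and all sample values are assumptions or constructed placeholders.

```python
import re

# Keys named in the advisory; a line-based scan avoids needing a YAML library.
KEY_RE = re.compile(
    r"^\s*(login-username|login-password)\s*:\s*(.*?)\s*(?:\s+#.*)?$")
# ${VAR} with no ":default" part: the value must come from the environment.
ENV_ONLY_RE = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_.]*\}$")
ENV_DEFAULT_RE = re.compile(r"^\$\{[^:}]+:.*\}$")


def classify(value):
    """Return None if the value is externalised, else a finding label."""
    value = value.strip("'\"")
    if not value:
        return "empty"
    if ENV_ONLY_RE.match(value):
        return None
    if ENV_DEFAULT_RE.match(value):
        return "placeholder-with-embedded-default"
    return "hardcoded-literal"


def audit(config_text):
    """Return (line_number, key, finding) tuples; the value is never echoed."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = KEY_RE.match(line)
        if not match:
            continue
        finding = classify(match.group(2))
        if finding:
            findings.append((number, match.group(1), finding))
    return findings


# Constructed sample inputs (placeholder values, not eladmin's real defaults).
SHIPPED_STYLE = """\
spring:
  datasource:
    druid:
      stat-view-servlet:
        login-username: EXAMPLE_USER   # constructed value
        login-password: ${DRUID_PWD:EXAMPLE_PASS}
"""
EXTERNALISED = """\
        login-username: ${DRUID_USER}
        login-password: "${DRUID_PWD}"
"""
```

Running `audit()` over the production profile in CI and failing the build on any finding keeps a committed credential from reaching a deployed instance.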

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers: CVE-2025-8530

Affected Products: Elunez Eladmin