PT-2025-37399 · Crmeb · Crmeb

Yu Bao · Published 2025-09-14 · Updated 2025-10-14 · CVE-2025-10389

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CRMEB versions up to 5.6.1
Description: A security flaw exists in CRMEB due to improper authorization when manipulating the ID argument within the Save function of the app/services/system/admin/SystemAdminServices.php file, specifically in the Administrator Password Handler component. This issue may be exploited remotely. The exploit has been publicly released, and the vendor was notified but did not respond.
Recommendations: Versions prior to 5.6.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Authorization, Incorrect Privilege Assignment

Related Identifiers: CVE-2025-10389

Affected Products: Crmeb