CVE-2025-10084 MEDIUM

CVE-2025-10084: elunez eladmin SysLogController 1 queryErrorLogDetail improper authorization

Vendor Elunez
Product eladmin
Weakness CWE-285
Published September 8, 2025
Last update September 8, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Key dates

02Disclosure timeline

September 8, 2025 CVE published
September 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions CVE-2025-49594 XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right CVE-2023-33189 Incorrect Authorization with specially crafted requests CVE-2026-6564 EMQ EMQX Enterprise Session Handling improper authorization CVE-2023-5808 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.