CVE-2025-10014 | elunez eladmin up to 2.7 Email Address /api/users/updateEmail/ updateUserEmail id/email improper authorization

Inserito da Angelo Barbosa | Set 5, 2025 | CVE

A vulnerability labeled as critical has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization.

This vulnerability appears as CVE-2025-10014. The attack may be performed from remote. In addition, an exploit is available.

It is required to know the RSA-encrypted password of the attacked user account.

CVE-2025-10014 | elunez eladmin up to 2.7 Email Address /api/users/updateEmail/ updateUserEmail id/email improper authorization

Post correlati

CVE-2024-13732 | cyberchimps Responsive Blocks Plugin up to 1.9.9 on WordPress section_tag cross site scripting

CVE-2025-46405 | F5 BIG-IP APM up to 15.1.10/16.1.5/17.1.2 Traffic Management Microkernel denial of service (K000151546)

CVE-2024-45496 | Red Hat OpenShift Controller Manager insecure inherited permissions

CVE-2024-13526 | metagauss EventPrime Plugin up to 4.0.7.3 on WordPress export_submittion_attendees authorization