A vulnerability classified as critical has been found in CRMEB up to 5.6.1. It affects the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Manipulating the argument ID leads to improper authorization.
This vulnerability was named CVE-2025-10389. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.