cvedb.io
CVE-2025-10014
LOW · CVSS 3.1
EPSS exploitation probability: 0%
Published 2025-09-05T18:15:37.450 · Last modified 2026-06-17T08:27:31.353

Summary

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been published and may be used. It is required to know the RSA-encrypted password of the attacked user account.

Affected products

eladmin — eladmin

Does this affect you?

Add your gear to cvedb and we'll alert you only when eladmin ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.