The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HEladmin
APPEladmin≤ 2.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2025-22978CRITICAL9.8PL ✓ten sam produkt
CSV Injection w module pobierania logów wyjątków — Eladmin
CVE-2024-44677CRITICAL9.8PL ✓ten sam produkt
SSRF umożliwiające RCE w Eladmin v2.7 — komponent DatabaseController
CVE-2025-70997MEDIUM6.5ten sam produkt
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary use...
CVE-2025-9239MEDIUM6.3ten sam produkt
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function Enc...
CVE-2025-8530MEDIUM5.5ten sam produkt
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by ...