CVE-2025-10014 | elunez eladmin up to 2.7 Email Address /api/users/updateEmail/ updateUserEmail id/email improper authorization

A vulnerability labeled as critical has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization.

This vulnerability appears as CVE-2025-10014. The attack may be performed from remote. In addition, an exploit is available.

It is required to know the RSA-encrypted password of the attacked user account.VulDB Recent EntriesRead More