CVE-2025-10389 | CRMEB up to 5.6.1 Administrator Password SystemAdminServices.php save ID improper authorization

SecurityVulns

A vulnerability classified as critical has been found in CRMEB up to 5.6.1. It affects the function Save in the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Manipulating the argument ID leads to improper authorization.

This vulnerability was named CVE-2025-10389. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.