CVE-2025-10390 | CRMEB up to 5.6.1 UserAddressServices.php editAddress ID improper authorization

A vulnerability was found in CRMEB up to 5.6.1 and classified as critical. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization.

The identification of this vulnerability is CVE-2025-10390. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More