CVE-2025-2855
Published: 27 March 2025
Summary
CVE-2025-2855 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Eladmin Eladmin. Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A deserialization vulnerability exists in elunez eladmin versions up to 2.7. The issue resides in the checkFile function within the /api/deploy/upload endpoint, where improper handling of the servers argument permits deserialization of untrusted data. The flaw is tracked under CWE-20 and CWE-502 and carries a CVSS 4.0 score of 5.1.
An authenticated attacker with high privileges can send a crafted request to the affected endpoint over the network, triggering deserialization that yields limited impacts to confidentiality, integrity, and availability on the target system. Exploitation requires no user interaction and can be performed remotely.
The EPSS score for this CVE rose from a baseline of 0.0044 to a peak of 0.0101, indicating emerging exploitation interest after disclosure. Public references consist of a GitHub issue and VulDB entries; no specific mitigation guidance or patch details are provided in the available sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-15096
Vulnerability details
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.
- CWE(s): CWE-20 (Improper Input Validation), CWE-502 (Deserialization of Untrusted Data)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The deserialization of untrusted data in the /api/deploy/upload endpoint allows remote exploitation of the web application, which maps to T1190 Exploit Public-Facing Application, even though reaching the vulnerable function requires high privileges (PR:H).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of the 'servers' argument to prevent deserialization of untrusted data, as per CWE-20 and CWE-502.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of the deserialization flaw in the checkFile function of /api/deploy/upload.
- Least privilege: enforces least privilege to limit high-privilege (PR:H) access to the vulnerable endpoint, reducing the attack surface.