Cyber Posture

CVE-2025-2855

Severity: Medium · Public PoC

Published: 27 March 2025
Modified: 06 May 2025
KEV Added: not listed
Patch: (none recorded)
CVSS Score: 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0044 (63.4th percentile)
Risk Priority: 10 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2855 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Eladmin Eladmin. Its CVSS base score is 4.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.6% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Directly requires validation of the 'servers' argument to prevent deserialization of untrusted data, addressing CWE-20 and CWE-502.

Prevent (SI-2, Flaw Remediation): Mandates timely identification, reporting, and correction of the deserialization flaw in the checkFile function of /api/deploy/upload.

Prevent (least privilege): Enforces least privilege to limit high-privilege (PR:H) access to the vulnerable endpoint, reducing the attack surface.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The deserialization of untrusted data vulnerability in the /api/deploy/upload endpoint allows remote exploitation of the web application, mapping to T1190 Exploit Public-Facing Application (even though reaching the vulnerable function requires high privileges, PR:H).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.

Deeper analysis

CVE-2025-2855 is a problematic vulnerability in elunez eladmin versions up to 2.7. It affects the checkFile function within the /api/deploy/upload file, where manipulation of the "servers" argument triggers deserialization of untrusted data. Classified under CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data), the issue carries a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-27.

The vulnerability enables remote exploitation by an attacker with high privileges (PR:H). With low attack complexity and no user interaction required, a successful exploit can result in low-level impacts on confidentiality, integrity, and availability within the unchanged scope.

Advisories provide further details via the GitHub issue at https://github.com/elunez/eladmin/issues/873 and VulDB references at https://vuldb.com/?ctiid.301502, https://vuldb.com/?id.301502, and https://vuldb.com/?submit.522504, which may include mitigation guidance or patches.

Details

CWE(s): CWE-20 (Improper Input Validation), CWE-502 (Deserialization of Untrusted Data)

Affected Products: eladmin eladmin ≤ 2.7

CVEs Like This One

CVE-2025-70997 (same product: Eladmin Eladmin)
CVE-2025-22978 (same product: Eladmin Eladmin)
CVE-2025-15438 (shared CWE-20, CWE-502)
CVE-2025-8227 (shared CWE-20, CWE-502)
CVE-2025-1177 (shared CWE-20, CWE-502)
CVE-2025-11345 (shared CWE-20, CWE-502)
CVE-2025-0465 (shared CWE-20, CWE-502)
CVE-2025-0841 (shared CWE-20, CWE-502)
CVE-2025-7876 (shared CWE-20, CWE-502)
CVE-2025-1113 (shared CWE-20, CWE-502)
