Cyber Resilience

CVE-2025-2855

Severity: Medium · Public PoC referenced

Published: 27 March 2025
Modified: 06 May 2025
KEV Added: not listed
Patch: no patch details in the available sources
CVSS v4 score: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)
EPSS score: 0.0044 (63.7th percentile)
Risk priority: 10 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2855 is a medium-severity vulnerability in eladmin (elunez/eladmin), tracked as Improper Input Validation (CWE-20) leading to Deserialization of Untrusted Data (CWE-502). Its CVSS v4 base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By EPSS the CVE ranks in the top 36.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A deserialization vulnerability exists in elunez eladmin versions up to 2.7. The issue resides in the checkFile function behind the /api/deploy/upload endpoint, where improper handling of the servers argument permits deserialization of untrusted data. The flaw is tracked under CWE-20 and CWE-502 and carries a CVSS 4.0 score of 5.1.

An authenticated attacker with high privileges (PR:H) can send a crafted request to the affected endpoint over the network (AV:N) and trigger the deserialization. The vector rates the resulting confidentiality, integrity and availability impacts as Low (VC:L/VI:L/VA:L); exploitation requires no user interaction and can be performed remotely. Treat that impact rating as the assessed score rather than a ceiling: unsafe deserialization in a Java application generally yields arbitrary code execution whenever a usable gadget chain is present on the classpath, so the practical question for a given deployment is who holds the privileged role that reaches this endpoint.
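The following is an added illustration of the weakness class described above and of the SI-10 (input validation) and least-privilege controls listed later on this page; it is not eladmin's own code, and the real checkFile implementation is not reproduced here. It assumes, for the demo, that the servers parameter arrives as a Base64-encoded Java serialization stream and that a hypothetical DeployTarget class is the intended payload. The vulnerable method hands the parameter straight to ObjectInputStream; the hardened path never deserializes it at all and instead accepts only a bounded list of numeric ids; a third method shows the JEP 290 ObjectInputFilter as the minimum fallback where native serialization cannot be removed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Pattern;

/** Added example, not elunez/eladmin source. Class and endpoint names are assumptions. */
public class DeployUploadExample {

    /** Stand-in for the record a deploy request is expected to carry (assumption). */
    public static final class DeployTarget implements Serializable {
        private static final long serialVersionUID = 1L;
        public final long id;
        public DeployTarget(long id) { this.id = id; }
    }

    /**
     * VULNERABLE pattern (CWE-502): the 'servers' request parameter is decoded and fed
     * straight into ObjectInputStream, so the caller decides which classes get constructed.
     */
    public static Object vulnerableCheckFile(String servers) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(servers);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return in.readObject();   // untrusted bytes select the class and its field values
        }
    }

    /** Hardened input contract (SI-10 / CWE-20): 1 to 50 comma-separated numeric ids, nothing else. */
    private static final Pattern ID_LIST = Pattern.compile("^\\d{1,18}(,\\d{1,18}){0,49}$");

    /** Never deserialize the parameter: parse it as data and resolve ids server-side. */
    public static List<Long> parseServerIds(String servers) {
        if (servers == null || !ID_LIST.matcher(servers).matches()) {
            throw new IllegalArgumentException("servers must be 1-50 comma-separated numeric ids");
        }
        List<Long> ids = new ArrayList<>();
        for (String part : servers.split(",")) {
            ids.add(Long.parseLong(part));
        }
        return ids;
    }

    /**
     * Fallback if native serialization truly cannot be removed: allow-list the one expected
     * class, reject everything else, and cap depth and size so malformed streams fail fast.
     */
    public static Object filteredDeserialize(byte[] raw) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                DeployTarget.class.getName() + ";!*;maxdepth=5;maxbytes=4096");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a legitimately serialized DeployTarget.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(new DeployTarget(7));
        }
        String servers = Base64.getEncoder().encodeToString(bos.toByteArray());
        System.out.println("vulnerable path accepted id " + ((DeployTarget) vulnerableCheckFile(servers)).id);

        System.out.println("validated ids: " + parseServerIds("1,2,3"));
        try {
            parseServerIds("1,2,../../etc/passwd");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed hostile-shaped input: a stream carrying a class other than DeployTarget.
        bos.reset();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(new ArrayList<>(List.of(1, 2)));
        }
        try {
            filteredDeserialize(bos.toByteArray());
        } catch (InvalidClassException e) {
            System.out.println("filter rejected: " + e.getMessage());
        }
    }
}
```

Pair the validation with the authorization check the PR:H metric implies: the deploy endpoint should be reachable only by the role that genuinely needs it, so that a compromised low-privilege account cannot reach the vulnerable function at all. The ObjectInputFilter variant is a compensating control, not a fix; the fix is the data-only contract in parseServerIds.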

The EPSS score for this CVE rose from a baseline of 0.0044 to a peak of 0.0101, indicating emerging exploitation interest after disclosure. Public references consist of a GitHub issue and VulDB entries; no specific mitigation guidance or patch details are provided in the available sources.

Vulnerability details

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.

CWE(s): CWE-20 Improper Input Validation; CWE-502 Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The deserialization of untrusted data in the /api/deploy/upload endpoint allows remote exploitation of the web application, which maps to T1190 Exploit Public-Facing Application. The PR:H requirement means the technique applies only once an adversary already holds a high-privilege account that can reach the vulnerable function.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22978 · Same product: Eladmin Eladmin
CVE-2025-70997 · Same product: Eladmin Eladmin
CVE-2025-0465 · Shared CWE-20, CWE-502
CVE-2025-2376 · Shared CWE-20, CWE-502
CVE-2025-1113 · Shared CWE-20, CWE-502
CVE-2025-2689 · Shared CWE-20, CWE-502
CVE-2025-1177 · Shared CWE-20, CWE-502
CVE-2024-13136 · Shared CWE-20, CWE-502
CVE-2025-0734 · Shared CWE-20, CWE-502
CVE-2025-1186 · Shared CWE-20, CWE-502

Affected Assets

Vendor: eladmin · Product: eladmin · Versions: ≤ 2.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly requires validation of the 'servers' argument so that the endpoint treats it as data rather than as something to deserialize, addressing CWE-20 and CWE-502.

SI-2 Flaw Remediation (prevent)

Mandates timely identification, reporting and correction of the deserialization flaw in the checkFile function of /api/deploy/upload.

AC-6 Least Privilege (prevent)

Enforces least privilege to limit high-privilege (PR:H) access to the vulnerable endpoint, reducing the population of accounts from which the flaw can be reached.
