CVE-2025-8530
Published: 04 August 2025
Summary
CVE-2025-8530 is a medium-severity Use of Default Credentials (CWE-1392) vulnerability in Eladmin Eladmin. Its CVSS base score is 5.5 (Medium).
Operationally, ranked at the 46.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23562
Vulnerability details
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to…
more
use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Policy and procedures prohibit hard-coded credentials in favor of managed authentication.
Changing default authenticators prior to first use and protecting content prevents use of hard-coded credentials.
Strategy enforces supplier requirements and code reviews that reduce hard-coded credentials introduced through acquired products.
Requiring security functional requirements and acceptance criteria allows contracts to prohibit hard-coded credentials in delivered systems or components.
Known vulnerabilities section of admin docs covers hard-coded credentials and how to replace them, limiting their use in deployments.
Enables users to notice when hard-coded credentials have been exploited for unauthorized access.
Security training explicitly warns against hard-coded credentials, lowering their use in systems.
Mandates replacement of default credentials during secure configuration and provisioning procedures.