What is CVE-2025-9241?

CVE-2025-9241 is a medium-severity vulnerability in Eladmin, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2025-08-20.

How severe is CVE-2025-9241?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Eladmin

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be…

EPSS: 0.001 (22.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Eladmin
Elunez Eladmin — versions 2.0, 2.1, 2.2

Weakness classification (CWE)

References

VDB-320774 | elunez eladmin exportUser csv injection (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
VDB-320774 | CTI Indicators (IOB, IOC, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #631473 | elunez eladmin ≤ 2.7 CSV/XLSX Injection(CWE-1236) (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (issue-tracking, Exploit, Issue Tracking, Vendor Advisory)
cna@vuldb.com (issue-tracking, Exploit, exploit, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2025-9241?: CVE-2025-9241 is a medium-severity vulnerability in Eladmin, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2025-08-20.
How severe is CVE-2025-9241?: Medium severity. CVSS v3 base score is 6.3 out of 10.