What is CVE-2025-9937?

CVE-2025-9937 is a medium-severity vulnerability in Elunez Eladmin, classified under Incorrect Privilege Assignment. CVSS score: 5.4/10. Published 2025-09-04.

How severe is CVE-2025-9937?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Auth bypass in Elunez Eladmin

CVE-2025-9937

A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploi…

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Elunez Eladmin — versions 1.1

Weakness classification (CWE)

References

VDB-322339 | elunez eladmin LocalStorageController deleteFile improper authorization (technical-description, vdb-entry)
VDB-322339 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #643392 | elunez eladmin latest broken function level authorization (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2025-9937?: CVE-2025-9937 is a medium-severity vulnerability in Elunez Eladmin, classified under Incorrect Privilege Assignment. CVSS score: 5.4/10. Published 2025-09-04.
How severe is CVE-2025-9937?: Medium severity. CVSS v3 base score is 5.4 out of 10.