CVE-2025-70997
Severity: MEDIUM | WAF coverage: Low
CVSS 6.5
Published: 2026-02-04
CWE-863
A vulnerability has been discovered in eladmin v2.7 and earlier. It allows a user at any permission level to reset the password of an arbitrary user.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| eladmin | eladmin | up to 2.7 |
References
- github.com (Product)
- github.com (Exploit, Issue Tracking, Third Party Advisory)