Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-9239

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-20 Aug, 2025 | 18:02
Updated At-20 Aug, 2025 | 18:46
Rejected At-
Credits

elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:20 Aug, 2025 | 18:02
Updated At:20 Aug, 2025 | 18:46
Rejected At:
▼CVE Numbering Authority (CNA)
elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.

Affected Products
Vendor
elunez
Product
eladmin
Modules
  • DES Key Handler
Versions
Affected
  • 2.0
  • 2.1
  • 2.2
  • 2.3
  • 2.4
  • 2.5
  • 2.6
  • 2.7
Problem Types
TypeCWE IDDescription
CWECWE-326Inadequate Encryption Strength
CWECWE-310Cryptographic Issues
Type: CWE
CWE ID: CWE-326
Description: Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-310
Description: Cryptographic Issues
Metrics
VersionBase scoreBase severityVector
4.06.3MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
3.03.7LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
2.02.6N/A
AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Version: 3.0
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Version: 2.0
Base score: 2.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
ez-lbz (VulDB User)
Timeline
EventDate
Advisory disclosed2025-08-20 00:00:00
VulDB entry created2025-08-20 02:00:00
VulDB entry last update2025-08-20 13:12:08
Event: Advisory disclosed
Date: 2025-08-20 00:00:00
Event: VulDB entry created
Date: 2025-08-20 02:00:00
Event: VulDB entry last update
Date: 2025-08-20 13:12:08
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.320772
vdb-entry
technical-description
https://vuldb.com/?ctiid.320772
signature
permissions-required
https://vuldb.com/?submit.631393
third-party-advisory
https://github.com/elunez/eladmin/issues/884
issue-tracking
Hyperlink: https://vuldb.com/?id.320772
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.320772
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.631393
Resource:
third-party-advisory
Hyperlink: https://github.com/elunez/eladmin/issues/884
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:20 Aug, 2025 | 18:15
Updated At:22 Aug, 2025 | 18:09

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.3MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary2.02.6LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-310Primarycna@vuldb.com
CWE-326Primarycna@vuldb.com
CWE ID: CWE-310
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-326
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/elunez/eladmin/issues/884cna@vuldb.com
N/A
https://vuldb.com/?ctiid.320772cna@vuldb.com
N/A
https://vuldb.com/?id.320772cna@vuldb.com
N/A
https://vuldb.com/?submit.631393cna@vuldb.com
N/A
Hyperlink: https://github.com/elunez/eladmin/issues/884
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.320772
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.320772
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.631393
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2025-7789
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 15:14
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Xuxueli
Product-xxl-job
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2025-4894
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 1.11%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 20:00
Updated-05 Jun, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption

A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Action-Not Available
Vendor-calmkart
Product-django-sso-serverDjango-sso-server
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-30119
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.03% / 5.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 21:34
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-DRYiCE Optibot Reset Stationdryice_optibot_reset_station
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-522
Insufficiently Protected Credentials
Details not found