eladmin CVE Vulnerabilities & Metrics

Focus on eladmin vulnerabilities and metrics.

Last updated: 08 May 2025, 22:25 UTC

About eladmin Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with eladmin. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total eladmin CVEs: 5
Earliest CVE date: 04 Aug 2024, 22:15 UTC
Latest CVE date: 27 Mar 2025, 16:15 UTC

Latest CVE reference: CVE-2025-2855

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical eladmin CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.2

Max CVSS: 5.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS eladmin CVEs

These are the five CVEs with the highest CVSS scores for eladmin, sorted by severity first and recency.

CVE-2025-2855 eladmin Published on 27 Mar 2025, 16:15 UTC (CVSS: 5.8)
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.
CVE-2024-7458 eladmin Published on 04 Aug 2024, 22:15 UTC (CVSS: 5.2)
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associate...
CVE-2024-51243 eladmin Published on 30 Oct 2024, 21:15 UTC (CVSS: 0)
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVE-2024-44677 eladmin Published on 10 Sep 2024, 16:15 UTC (CVSS: 0)
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
CVE-2024-44676 eladmin Published on 10 Sep 2024, 16:15 UTC (CVSS: 0)
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

All CVEs for eladmin

CVE-2025-2855 eladmin vulnerability CVSS: 5.8 27 Mar 2025, 16:15 UTC

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.

CVE-2024-51243 eladmin vulnerability CVSS: 0 30 Oct 2024, 21:15 UTC

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.

CVE-2024-44677 eladmin vulnerability CVSS: 0 10 Sep 2024, 16:15 UTC

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

CVE-2024-44676 eladmin vulnerability CVSS: 0 10 Sep 2024, 16:15 UTC

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

CVE-2024-7458 eladmin vulnerability CVSS: 5.2 04 Aug 2024, 22:15 UTC

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551.