CVE-2025-10389
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-14

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-14
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10389
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
crmeb crmeb to 5.6.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10389 is a security flaw in CRMEB up to version 5.6.1, specifically in the save function of the SystemAdminServices.php file. The vulnerability allows low-permission users to reset the administrator password because the system does not properly check if the user has authorization to modify the targeted administrator account. This improper authorization enables attackers to remotely manipulate the administrator password without permission. [1, 2]

Impact Analysis

This vulnerability can have a significant impact by allowing unauthorized users with low privileges to reset the administrator password remotely. This compromises system integrity and availability, potentially giving attackers full administrative control over the affected CRMEB installation. Such control can lead to unauthorized access, data manipulation, and disruption of services. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable file path 'app/services/system/admin/SystemAdminServices.php' in CRMEB versions up to 5.6.1. One method is to use Google dorking with queries like 'inurl:app/services/system/admin/SystemAdminServices.php' to identify potentially vulnerable targets. Additionally, monitoring for unauthorized attempts to invoke the 'save' function with manipulated 'id' parameters or unusual password reset activities by low-permission users could indicate exploitation attempts. Specific commands are not provided in the resources. [2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected component or product, as no known mitigations or countermeasures have been published. Since the vendor did not respond to early disclosure and no patches are available, removing or upgrading the vulnerable CRMEB installation is recommended to prevent exploitation. Restricting access to the vulnerable file path and monitoring for suspicious activity may also help reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10389. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart