CVE-2025-70997
Arbitrary Password Reset Vulnerability in eladmin
Publication date: 2026-02-04
Last updated on: 2026-02-12
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eladmin | eladmin | up to 2.7 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70997 is a vulnerability in eladmin version 2.7 and earlier that allows an attacker to reset the password of any user, including administrators, without proper authentication or permission checks.
The issue exists in the /api/users/resetPwd endpoint of the user management module, which accepts a JSON array of user IDs and resets their passwords to a default value (123456).
Because the endpoint does not verify the identity or permissions of the requester, an attacker can remotely send a crafted request to reset passwords of arbitrary users.
For example, sending a request with the user ID of the admin account resets the admin password to the default, allowing the attacker to log in as that user.
The root cause is the lack of authentication and authorization checks in the password reset method within the UserRepository class.
The recommended fix is to implement permission detection so users can only reset their own passwords and to update to the latest version of eladmin.
How can this vulnerability impact me?
This vulnerability can have serious impacts because it allows an attacker to reset the passwords of any users, including administrators, without authorization.
An attacker who exploits this can gain unauthorized access to user accounts, potentially taking control of the system or accessing sensitive data.
Since the attacker can reset the admin password, they can fully compromise the system, modify data, disrupt services, or escalate privileges.
This can lead to data breaches, loss of system integrity, and unauthorized actions performed under legitimate user identities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized requests to the /api/users/resetPwd endpoint, which accepts a JSON array of user IDs to reset passwords without proper authentication.
A simple detection method is to check your server logs or network traffic for POST requests to /api/users/resetPwd containing user ID arrays such as [1], which resets the admin password.
For example, you can use the following curl command to test if the endpoint is vulnerable (do not run on production systems without authorization):
`curl -X POST -H "Content-Type: application/json" -d '[1]' https://your-eladmin-domain/api/users/resetPwd -v`
If the response is HTTP 200 with no data, it indicates the password reset was accepted without authentication, confirming the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update eladmin to the latest version where this vulnerability is patched.
If updating is not immediately possible, restrict access to the /api/users/resetPwd endpoint by implementing permission checks so that users can only reset their own passwords.
Additionally, monitor and block unauthorized requests to this endpoint and consider changing all user passwords manually to prevent unauthorized access.
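The detection advice above (scan server logs for POST requests to /api/users/resetPwd) and the mitigation advice (users may only reset their own password) can both be made concrete in code. The following is an added example written for this page; it is not code from the eladmin project or from the advisory. It assumes a constructed access-log format (client, authenticated user or "-", request line, status, request body) and assumes the admin account is user ID 1, as in the advisory's own example; the sample log lines are constructed, not real traffic.

```python
# Added example, not code from the eladmin project or from this advisory.
# Two defender-side pieces: (1) a detector that scans web-server access logs
# for password-reset calls of the kind the advisory describes, and (2) a
# reference authorization policy matching the advisory's recommended fix
# (a user may reset only their own password; administrators may reset any).
# The log format and the sample lines below are constructed for this example.
import json
import re
from dataclasses import dataclass, field

RESET_PATH = "/api/users/resetPwd"   # endpoint named in the advisory

# Constructed sample log (not real traffic). Assumed format per line:
#   <client-ip> <authenticated-user-or-"-"> "<METHOD> <path> <proto>" <status> <body-or-"-">
SAMPLE_LOG = """\
10.0.0.5 - "POST /api/users/resetPwd HTTP/1.1" 200 [1]
10.0.0.7 alice "POST /api/users/resetPwd HTTP/1.1" 200 [42]
10.0.0.9 - "GET /api/users HTTP/1.1" 401 -
10.0.0.8 bob "POST /api/users/resetPwd HTTP/1.1" 200 [1,2,3]
10.0.0.6 - "POST /api/users/resetPwd HTTP/1.1" 403 [7]
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+) [^"]*" (\d{3}) (.*)$')


@dataclass
class Finding:
    client: str
    user: str          # "-" when the request carried no authenticated identity
    status: int
    target_ids: list = field(default_factory=list)
    reason: str = ""


def parse_line(line):
    """Split one access-log line into its fields; None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, user, method, path, status, body = m.groups()
    return {"client": client, "user": user, "method": method,
            "path": path, "status": int(status), "body": body}


def parse_ids(body):
    """The endpoint takes a JSON array of user IDs; return it, or [] if the body is not one."""
    try:
        ids = json.loads(body)
    except ValueError:
        return []
    return ids if isinstance(ids, list) and all(isinstance(i, int) for i in ids) else []


def detect(log_text, admin_id=1):
    """Flag reset attempts worth review: ones with no authenticated user, ones naming
    the admin account (assumed to be ID 1 here), and bulk resets of several accounts.
    Attempts are flagged regardless of response status so rejected probes are seen too."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != RESET_PATH:
            continue
        ids = parse_ids(rec["body"])
        if rec["user"] == "-":
            reason = "reset request with no authenticated user"
        elif admin_id in ids:
            reason = "reset targets the admin account"
        elif len(ids) > 1:
            reason = "bulk reset of several accounts"
        else:
            continue   # an authenticated user resetting a single non-admin account
        findings.append(Finding(rec["client"], rec["user"], rec["status"], ids, reason))
    return findings


def authorize_reset(requester_id, requester_is_admin, target_ids):
    """Reference policy for the fix the advisory recommends: reject unauthenticated
    callers, let administrators reset any account, and let everyone else reset only
    their own. Returns (allowed, reason)."""
    if requester_id is None:
        return False, "unauthenticated"
    if requester_is_admin:
        return True, "admin"
    if set(target_ids) == {requester_id}:
        return True, "self"
    return False, "target is not the requester"


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f.client} user={f.user} status={f.status} ids={f.target_ids}: {f.reason}")
```

Run against the constructed log, the detector reports the two unauthenticated reset attempts (one of them rejected with 403, which is still worth knowing about) and bob's request naming the admin account, while alice resetting a single non-admin account is left alone. The `authorize_reset` policy is the check the vulnerable endpoint lacks: it keys on the requester's authenticated identity rather than on the IDs in the request body, which is the distinction CWE-863 and CWE-284 describe.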