A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.
{
"cwe_ids": [
"CWE-20",
"CWE-502"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2855.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2.0"
},
{
"last_affected": "2.0"
},
{
"introduced": "2.1"
},
{
"last_affected": "2.1"
},
{
"introduced": "2.2"
},
{
"last_affected": "2.2"
},
{
"introduced": "2.3"
},
{
"last_affected": "2.3"
},
{
"introduced": "2.4"
},
{
"last_affected": "2.4"
},
{
"introduced": "2.5"
},
{
"last_affected": "2.5"
},
{
"introduced": "2.6"
},
{
"last_affected": "2.6"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "VulDB"
}