Search criteria
2 vulnerabilities by Eluktronics
CVE-2025-7884 (GCVE-0-2025-7884)
Vulnerability from cvelistv5 – Published: 2025-07-20 11:02 – Updated: 2025-07-21 14:31
VLAI?
Title
Eluktronics Control Center REG File data authenticity
Summary
A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eluktronics | Control Center |
Affected:
5.23.51.41
|
Credits
pipapupa (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T14:31:46.276121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T14:31:49.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://drive.proton.me/urls/5PQ1VRZ3CG#M2JyUWapaX85"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"REG File Handler"
],
"product": "Control Center",
"vendor": "Eluktronics",
"versions": [
{
"status": "affected",
"version": "5.23.51.41"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pipapupa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Eluktronics Control Center 5.23.51.41 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente REG File Handler. Dank Manipulation mit unbekannten Daten kann eine insufficient verification of data authenticity-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-20T11:02:05.370Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316999 | Eluktronics Control Center REG File data authenticity",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.316999"
},
{
"name": "VDB-316999 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316999"
},
{
"name": "Submit #611436 | Eluktronics Control Center 5.23.51.41 Unsafe Registry Execution via Modifiable .reg Files",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.611436"
},
{
"tags": [
"exploit"
],
"url": "https://drive.proton.me/urls/5PQ1VRZ3CG#M2JyUWapaX85"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-19T09:56:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Eluktronics Control Center REG File data authenticity"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7884",
"datePublished": "2025-07-20T11:02:05.370Z",
"dateReserved": "2025-07-19T07:51:49.196Z",
"dateUpdated": "2025-07-21T14:31:49.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7883 (GCVE-0-2025-7883)
Vulnerability from cvelistv5 – Published: 2025-07-20 10:44 – Updated: 2025-07-21 14:34
VLAI?
Title
Eluktronics Control Center Powershell Script Command command injection
Summary
A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to command injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eluktronics | Control Center |
Affected:
5.23.51.41
|
Credits
pipapupa (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T14:33:51.296072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T14:34:09.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://drive.proton.me/urls/V5KQBBTH4G#VKpByTUTOWUW"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Powershell Script Handler"
],
"product": "Control Center",
"vendor": "Eluktronics",
"versions": [
{
"status": "affected",
"version": "5.23.51.41"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pipapupa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \\AiStoneService\\MyControlCenter\\Command of the component Powershell Script Handler. The manipulation leads to command injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Eluktronics Control Center 5.23.51.41 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei \\AiStoneService\\MyControlCenter\\Command der Komponente Powershell Script Handler. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-20T10:44:06.279Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316998 | Eluktronics Control Center Powershell Script Command command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.316998"
},
{
"name": "VDB-316998 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316998"
},
{
"name": "Submit #611432 | Eluktronics Control Center 5.23.51.41 Elevation Of Privilege",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.611432"
},
{
"tags": [
"exploit"
],
"url": "https://drive.proton.me/urls/V5KQBBTH4G#VKpByTUTOWUW"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-19T09:56:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Eluktronics Control Center Powershell Script Command command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7883",
"datePublished": "2025-07-20T10:44:06.279Z",
"dateReserved": "2025-07-19T07:51:40.798Z",
"dateUpdated": "2025-07-21T14:34:09.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}