What is the CVSS score of CVE-2025-10878?

CVE-2025-10878 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Fikir Odalari Adminpando are affected by CVE-2025-10878?

A critical SQL injection vulnerability in Fikir Odalari AdminPando 1.0.1 allows unauthenticated attackers to completely bypass login authentication with a public exploit available.

Is there a public PoC exploit available for CVE-2025-10878?

Yes, a public proof-of-concept exploit is available for CVE-2025-10878. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-10878?

Within 24 hours: Immediately isolate or take offline any AdminPando 1.0.1 instances; audit access logs for suspicious login attempts; assess inventory of affected systems. Within 7 days: Implement WAF rules to block SQL injection patterns in login parameters; deploy network segmentation to restrict AdminPando access to trusted networks only; evaluate alternative admin tools. Within 30 days: Contact vendor for patch availability and timeline; plan upgrade to patched version or migrate to alternative platform; conduct security assessment of compromised instances.

Fikir Odalari Adminpando CVE-2025-10878

CRITICAL

SQL Injection (CWE-89)

2026-02-03 cve@mitre.org

SQLi Authentication Bypass Fikir Odalari Adminpando

10.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

10.0 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 12, 2026 - 17:37 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 20:15 nvd

CRITICAL 10.0

DescriptionCVE.org

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).

AnalysisAI

AdminPando 1.0.1 by Fikir Odalari has a CVSS 10.0 SQL injection in the login functionality allowing complete authentication bypass and database takeover.

Technical ContextAI

The login form in AdminPando 1.0.1 before 1.0.2 has a CWE-89 SQL injection that allows attackers to bypass authentication entirely and access the admin panel without valid credentials.

RemediationAI

Update to version 1.0.2. Use parameterized queries for authentication.

CVE-2025-10878 vulnerability details – vuln.today

Back

Fikir Odalari Adminpando CVE-2025-10878

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code