Mineadmin
CVE-2025-65854
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
AnalysisAI
Arbitrary command execution in MineAdmin v3.x arises from insecure permissions on its scheduled-tasks (cron) feature, letting attackers inject and run OS-level commands (CWE-94) and pivot to full account takeover. Any deployment of the MineAdmin 3.x backend administration framework is affected. The referenced GitHub Gist appears to document the technique; no CISA KEV listing exists, and EPSS is low at 0.47% (37th percentile), indicating no confirmed widespread exploitation yet.
Information disclosure in MineAdmin 1.x/2.x through an exposed Swagger component allows unauthenticated remote attackers
Improper authorization in MineAdmin 1.x/2.x allows authenticated remote attackers to gain unauthorized access through th
A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/get
MineAdmin 1.x and 2.x contains insufficient JWT token verification in the /system/refresh endpoint, allowing authenticat
A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the fil
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today