CVE-2025-8261 · CRITICAL 9.8 · EPSS p44.1%


Description

A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code in the file /grid/vgrid_server.php of the component User Creation Handler. Manipulation can lead to improper authorization. The attack can be performed remotely. The exploit has been made publicly available and could be used for attacks. The actual existence of this vulnerability is still in doubt at the moment. The vendor explains: "Based on Vaelsys' analysis, the reported behavior does not allow actions beyond those already permitted to authenticated administrative users, and no change in system configuration or operational practices is necessary."

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% probability of exploitation · percentile 44.1% · 2026-06-19T12:03:05Z
Published: 2025-07-28
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-266, CWE-285

References

  1. https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Unauthorized_User_Creation_Vulnerability_Exists_in_Vaelsys_V4_Platform.md
  2. https://vaelsys.github.io/security-advisory/advisories/VSEC_V4_2025_07_0003.html
  3. https://vuldb.com/submit/616924
  4. https://vuldb.com/vuln/317849
  5. https://vuldb.com/vuln/317849/cti


| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Incorrect Privilege Assignment (cwe-266) | 0% | live |
| Weakness | Improper Authorization (cwe-285) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-8259
  2. CVE-2026-2952
  3. CVE-2025-8322
  4. CVE-2025-14885
  5. CVE-2025-7581
  6. CVE-2025-6352

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.