cbcvebase.
CVE-2025-65854
published 2025-12-12

CVE-2025-65854: Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.47%
37.0th percentile
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.

Affected

2 ranges
VendorProductVersion rangeFixed in
mineadminmineadmin< 3.03.0
mineadminmineadmin0 – 3.0.9

Detection & IOCsextracted from sources · hover to see the quote

  • Target the scheduled tasks feature of MineAdmin v3.x, which has insecure permissions allowing arbitrary command execution and full account takeover.
  • ·No public exploit is currently available for this CVE, and no fix has been confirmed as of the source publication date (Dec 14, 2025).
  • ·Affected package is mineadmin/mineadmin (Composer/PHP ecosystem); no patched version was listed at time of indexing.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.