CVE-2025-65854
published 2025-12-12CVE-2025-65854: Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.47%
37.0th percentile
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mineadmin | mineadmin | < 3.0 | 3.0 |
| mineadmin | mineadmin | 0 – 3.0.9 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target the scheduled tasks feature of MineAdmin v3.x, which has insecure permissions allowing arbitrary command execution and full account takeover. ↗
- ·No public exploit is currently available for this CVE, and no fix has been confirmed as of the source publication date (Dec 14, 2025). ↗
- ·Affected package is mineadmin/mineadmin (Composer/PHP ecosystem); no patched version was listed at time of indexing. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MineAdmin has an insecure default password
ghsa·2025-12-12
CVE-2025-65854 [CRITICAL] CWE-94 MineAdmin has an insecure default password
MineAdmin has an insecure default password
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
OSV
MineAdmin has an insecure default password
osv·2025-12-12
CVE-2025-65854 [CRITICAL] MineAdmin has an insecure default password
MineAdmin has an insecure default password
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
No detection rules found.
No public exploits indexed.
2025-12-12
Published