CVE-2025-8260
Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash
CVSS Score
3.1
EPSS Score
0.0%
EPSS Percentile
9th
A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 is able to mitigate this issue. Upgrading the affected component is recommended.
| CWE | CWE-328 CWE-327 |
| Vendor | vaelsys |
| Product | vaelsysv4 |
| Published | Jul 28, 2025 |
| Last Updated | Apr 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for vaelsys vaelsysv4
Be the first to know when new low vulnerabilities affecting vaelsys vaelsysv4 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Vaelsys / VaelsysV4
5.0 5.1 5.1.0 5.2 5.3 5.4.0
References
vuldb.com: https://vuldb.com/vuln/317848 vuldb.com: https://vuldb.com/vuln/317848/cti vuldb.com: https://vuldb.com/submit/616922 github.com: https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Unauthorized_Access_Leads_to_Sensitive_Information_Leakage_in_Vaelsys_V4_Platform.md vaelsys.github.io: https://vaelsys.github.io/security-advisory/advisories/VSEC_V4_2025_07_0002.html
Credits
๐ waiwai24 (VulDB User) security_vaelsys (VulDB User)