CVE-2025-8261

HIGH 7.3

Vaelsys VaelsysV4 User Creation vgrid_server.php improper authorization

CVSS Score

7.3

EPSS Score

0.1%

EPSS Percentile

32th

A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "Based on Vaelsys' analysis, the reported behavior does not allow actions beyond those already permitted to authenticated administrative users, and no change in system configuration or operational practices is necessary."

CWE	CWE-285 CWE-266
Vendor	vaelsys
Product	vaelsysv4
Published	Jul 28, 2025
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for vaelsys vaelsysv4

Be the first to know when new high vulnerabilities affecting vaelsys vaelsysv4 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Vaelsys / VaelsysV4

4.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/317849 vuldb.com: https://vuldb.com/vuln/317849/cti vuldb.com: https://vuldb.com/submit/616924 github.com: https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Unauthorized_User_Creation_Vulnerability_Exists_in_Vaelsys_V4_Platform.md vaelsys.github.io: https://vaelsys.github.io/security-advisory/advisories/VSEC_V4_2025_07_0003.html

Credits

🔍 waiwai24 (VulDB User) security_vaelsys (VulDB User) VulDB CNA Team