Critical severityGHSA Advisory· Published Dec 12, 2025· Updated Dec 12, 2025
CVE-2025-65854
CVE-2025-65854
Description
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mineadmin/mineadminPackagist | <= 3.0.9 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-x6mh-4w8x-p34vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-65854ghsaADVISORY
- mineadmin.comghsaWEB
- gist.github.com/SourByte05/1a6c6b08ac47c5d58eb7dd4422cc23b7ghsaWEB
- github.com/mineadmin/mine-core/blob/7994da7f5cd0778eb9aadd550c50c259cc1d1048/src/Command/InstallProjectCommand.phpghsaWEB
- www.mineadmin.commitre
News mentions
0No linked articles in our index yet.