CVE-2025-65854: MineAdmin has an insecure default password

December 12, 2025

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.

References

gist.github.com/SourByte05/1a6c6b08ac47c5d58eb7dd4422cc23b7
github.com/advisories/GHSA-x6mh-4w8x-p34v
github.com/mineadmin/mine-core/blob/7994da7f5cd0778eb9aadd550c50c259cc1d1048/src/Command/InstallProjectCommand.php
github.com/mineadmin/mineadmin
nvd.nist.gov/vuln/detail/CVE-2025-65854

Code Behaviors & Features

Detect and mitigate CVE-2025-65854 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →