CVE-2025-48695

An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved).

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/michaelcheung-research/Vulnerability-Disclosure/blob/main/CVE-2025-CyberDava1/README.md?plain=1
https://www.cyberdava.com

Configurations

No configuration.

History

23 May 2025, 15:54

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en CyberDAVA antes de la versión 1.1.20. Una vulnerabilidad de escalada de privilegios permite que un usuario con pocos privilegios aumente sus privilegios abusando de la siguiente API debido a la falta de control de acceso: /api/v2/users/user//role/ROLE/ (se puede obtener acceso de administrador).

23 May 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-23 05:15

Updated : 2025-05-23 15:54

NVD link : CVE-2025-48695

Mitre link : CVE-2025-48695

CVE.ORG link : CVE-2025-48695

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

6.4 /10