CVE-2025-66385

N/A Unknown
Published: November 28, 2025 Modified: December 01, 2025
View on NVD

Description

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/cerebrate-project/cerebrate/commit/c9bfa90abc85d4a20a9cc2f282959b72bef829bb
Source: cve@mitre.org
https://github.com/cerebrate-project/cerebrate/compare/v1.29...v1.30
Source: cve@mitre.org
https://vulnerability.circl.lu/api/vulnerability/gcve-1-2025-0017
Source: cve@mitre.org

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
17th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-472

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A